
Who is concerned?
NIS2 mainly concerns medium-sized and large organisations operating in sectors such as energy, transport, banking, healthcare, digital infrastructure, public administration, food, manufacturing, and other critical services. In some cases, smaller organisations may also be in scope if they provide essential services, operate key infrastructure, or play a strategically important role.
What does it mean in practice?
Organisations that fall within scope must put in place appropriate cybersecurity measures, manage incidents effectively, and report significant incidents within strict deadlines. NIS2 also increases expectations around business continuity, supply chain security, internal governance, and accountability.
Management is expected to oversee cybersecurity measures and ensure they are appropriately prioritised within the organisation.
How can Grant Thornton help?
Grant Thornton supports organisations in understanding their obligations, identifying priorities, and building a pragmatic path to compliance. We combine regulatory expertise, real-world implementation experience, and a risk-based approach to help clients strengthen resilience while meeting evolving expectations.
- Clear regulatory interpretation: We help you understand what NIS2 means for your organisation and translate legal and regulatory requirements into practical, actionable steps.
- Focused readiness assessments: We assess your current cybersecurity and governance framework, identify gaps, and highlight priority actions based on risk, maturity, and business impact.
- Pragmatic remediation support: We help design realistic remediation roadmaps covering governance, policies, incident management, business continuity, supply chain security, and control enhancement.
- Sustainable compliance and resilience: Beyond immediate readiness, we help embed cybersecurity into governance and operations, so your organisation is better prepared for future regulatory developments and emerging threats.
Contact
If you wish to understand whether your organisation is in scope and how ready you are for NIS2, Grant Thornton can help you assess your exposure, identify gaps, and define a practical roadmap forward. Please feel free to reach out to Hakim Mezieche, IT Audit Partner at Grant Thornton Luxembourg.