Entities covered by the NIS 2 law must comply with a range of cybersecurity requirements, including:
The purpose of these requirements is to enhance resilience against cyber threats and protect critical infrastructure.
You can read more about the general requirements for entities covered by the NIS 2 on the Danish Resilience Agency’s website (in Danish).
The European Commission has adopted Implementing Regulation (EU) 2024/2690 with specific rules for a range of service providers to establish a harmonized framework and ensure a common approach to cybersecurity. The regulation clarifies when an incident should be considered significant and sets out the technical and methodological requirements for managing cybersecurity risks.
The EU Agency for Cybersecurity (ENISA) has published a guide to support entities in complying with the requirements of the Commission’s Implementing Regulation (EU) 2024/2690. It provides technical and methodological guidance on how organizations can implement risk management measures, document compliance, and carry out relevant security actions. The guidance includes concrete examples of documentation, interpretation of requirements, and links to both international standards and national frameworks.
Find the guidance here.
Download the mapping of security requirements to international standards and national frameworks here.
These rules apply to:
The rules are set out in the Commission’s Implementing Regulation, which can be read here.
If an entity provides a service covered by the Implementing Regulation, the entire entity (the CVR/ Central Business Register) is subject to the rules – even if the service only constitutes a minor secondary activity. However, the mentioned entities are not subject to the general cybersecurity requirements or incident reporting obligations under the NIS 2 law. Instead, they must follow the Implementing Regulation.
In § 11 of the Danish NIS 2 law (in Danish), there are also specific requirements for TLD name registries and entities providing domain name registration services to maintain a database of TLD name registry data.
For inquiries regarding NIS 2 registration for entities in the digital sector, please contact the Agency for Digital Government at: NIS@digst.dk