NIS2
Directive (EU) 2022/2555 — Network and Information Security Directive 2
EU cybersecurity directive expanding scope to essential and important entities. Many AI-driven platforms in critical sectors now fall in scope.
Who does it apply to?
- Essential entities — energy, transport, banking, financial market infrastructure, health, drinking water, wastewater, digital infrastructure, ICT service management, public administration, space.
- Important entities — postal/courier services, waste management, manufacture/production of chemicals, food, manufacturing of medical devices, computers/electronics, machinery, motor vehicles.
- Agentic AI deployments in any of the above sectors automatically inherit the parent organisation's NIS2 obligations.
Two-minute explainer
NIS2 (Directive (EU) 2022/2555) replaces the original NIS Directive (2016/1148) and significantly expands the scope of EU cybersecurity regulation. The transposition deadline for member states was 17 October 2024; national laws now apply across the EU.
For agentic AI builders, NIS2 matters because:
- Scope expansion. The directive now covers a large set of essential and important entities across 18 sectors. If your agentic AI is deployed inside an essential entity (a bank, an energy utility, a healthcare provider, a public administration), the agent inherits the parent organisation’s NIS2 obligations.
- Management-body accountability. Article 20 places personal accountability on the management body for the cybersecurity risk-management measures. This is more than ticking a box — management bodies must approve the measures, oversee implementation, and can be held personally liable for compliance failures.
- Article 21 risk-management measures. Ten categories of measures are prescribed: policies on risk analysis, incident handling, business continuity, supply-chain security, network/information system acquisition, vulnerability handling, basic cyber-hygiene, cryptography, HR security and asset management, multifactor authentication and identity management. For an AI agent in scope, each of these maps to specific runtime evidence.
- Incident reporting cascade. Article 23 requires three reports for each significant incident: an early warning within 24 hours of becoming aware, a full incident notification within 72 hours, and a final report within 1 month. The Regulus kill-switch event triggers this timer; the GRC adapter routes the cascade.
- Supply-chain security (Art. 21(2)(d)). Explicit obligation to manage cybersecurity risk from suppliers and service providers. For agentic AI, the suppliers are the LLM provider, the cloud provider, and any third-party API the agent calls. The Model Registry is the runtime register; the audit chain captures every supplier interaction.
The Regulus NIS2 profile composes with dora (financial services firms are typically dual-regulated), with gdpr (personal data processed by an in-scope entity), and with eu-ai-act (AI in critical sectors is typically Annex III high-risk).
What NIS2 doesn’t reduce to runtime: the organisational cybersecurity strategy, the management-body cybersecurity training (Article 20(2)), the business-continuity planning as documented artefact. These are governance deliverables. The runtime side — the agent’s incident response, the supply-chain register, the basic cyber-hygiene controls — is what Regulus delivers.
What it actually requires of an engineer
- Cybersecurity risk management is now mandatory. Article 21 prescribes 10 risk-management categories, each of which needs evidence at runtime.
- Incident reporting follows a strict cascade. Early warning within 24 hours of a significant incident, full notification within 72 hours, final report within 1 month.
- Supply-chain security is explicit. Article 21(2)(d) covers cybersecurity of suppliers and service providers — Vertex AI, LLM providers, and any third-party API the agent calls are in scope.
- Management bodies are personally accountable. Article 20 places direct accountability on the management body for cybersecurity risk-management measures.
What Regulus does for you
| Regulus control | Delivers |
|---|---|
| RegulusAuditPlugin | Article 21(2)(c) operational cybersecurity evidence — hash-chained audit trail of agent decisions, accessible to the management body via the GRC dashboard. |
| RegulusKillSwitchPlugin | Article 23 incident response — dual-control engagement triggers the 24-hour early warning timer. The kill-switch event carries the incident classification. |
| RegulusIdentityExpiryGuard | Article 21(2)(g) basic cyber-hygiene — short-lived credentials enforced; expired-credential tool calls denied with audit evidence. |
| RegulusGovernanceEvidencePlugin | Article 23 cascade automation — incident events routed to your NCSC/CSIRT-facing webhook with the 24/72/30-day timer expectations encoded as event metadata. |
| RegulusModelRiskPlugin | Article 21(2)(d) supply-chain security — Model Registry captures every LLM provider as a tracked supplier with concentration metrics and review dates. |
Saves you ~8 engineer-weeks
Estimate based on the following honest assumptions:
- Hash-chained audit trail (already built for EU AI Act / GDPR — incremental work here is small).
- Incident cascade automation with 24/72/30 timers (3 weeks).
- Supply-chain tracking + Model Registry integration (2 weeks).
- Management-body dashboard / GRC adapter wiring (2 weeks).
- Cyber-hygiene baseline (identity, residency) — 1 week incremental on existing infrastructure.
What an auditor will ask
The questions you'll see in a real walkthrough — and where to point them.
- Show me your incident-response evidence for the last 12 months.
  Filter the audit chain by `event_type IN ('KILL_SWITCH_ENGAGED', 'INCIDENT_DECLARED')`. Each shows the 24-hour notification timer state and the classification.
- How are you managing supply-chain cybersecurity risk?
  The Model Registry is the supplier register for AI providers. Concentration metrics, review dates, and approved-by Principals are all captured. Export with `regulus dora register export`.
- What evidence do you have of management-body engagement?
  Configure the GRC adapter to route summary events to the management-body dashboard. Each tier-3 model invocation and each kill-switch engagement triggers a board-level event.
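
The incident-evidence query from the first auditor question, worked through as an added example (not Regulus code and not its schema): it verifies a hash-chained log, filters the two incident event types named on this page, and reports the 24/72/30-day timer state per incident. The record layout, the `REPORT_SUBMITTED` event, the SHA-256 chaining scheme, and counting all three deadlines from the awareness timestamp are assumptions.

```python
import hashlib
import json
from datetime import datetime, timedelta

INCIDENT_TYPES = {"KILL_SWITCH_ENGAGED", "INCIDENT_DECLARED"}  # event types named on the page
DEADLINES_H = {"early_warning": 24, "notification": 72, "final_report": 30 * 24}  # hours, assumed
GENESIS = "0" * 64
SAMPLE_EVENTS = [  # constructed sample; field names and REPORT_SUBMITTED are assumptions
    {"ts": "2025-03-01T09:00:00+00:00", "event_type": "TOOL_CALL"},
    {"ts": "2025-03-01T10:00:00+00:00", "event_type": "KILL_SWITCH_ENGAGED", "incident_id": "INC-1"},
    {"ts": "2025-03-02T08:00:00+00:00", "event_type": "REPORT_SUBMITTED",
     "incident_id": "INC-1", "stage": "early_warning"},
    {"ts": "2025-03-03T12:00:00+00:00", "event_type": "INCIDENT_DECLARED", "incident_id": "INC-2"},
]

def record_hash(prev_hash, body):
    """SHA-256 over the previous record's hash plus the canonical JSON of this body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()

def build_chain(events):
    chain, prev = [], GENESIS
    for body in events:
        chain.append({"body": body, "prev_hash": prev, "hash": record_hash(prev, body)})
        prev = chain[-1]["hash"]
    return chain

def verify_chain(chain):
    """Return the index of the first record that breaks the chain, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev_hash"] != prev or rec["hash"] != record_hash(prev, rec["body"]):
            return i
        prev = rec["hash"]
    return -1

def incident_timers(chain, now):
    """Map incident_id -> state of each reporting stage: met, late, open or overdue."""
    bodies = [rec["body"] for rec in chain]
    sent = {(b["incident_id"], b["stage"]): datetime.fromisoformat(b["ts"])
            for b in bodies if b["event_type"] == "REPORT_SUBMITTED"}
    result = {}
    for b in (b for b in bodies if b["event_type"] in INCIDENT_TYPES):
        aware, timers = datetime.fromisoformat(b["ts"]), {}
        for stage, hours in DEADLINES_H.items():
            due, at = aware + timedelta(hours=hours), sent.get((b["incident_id"], stage))
            timers[stage] = (("met" if at <= due else "late") if at is not None
                             else ("open" if now <= due else "overdue"))
        result[b["incident_id"]] = timers
    return result
```

Run `verify_chain` before `incident_timers`: timer states read from a chain that fails verification are not evidence.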
What this doesn't cover
- Non-AI cybersecurity controls — Regulus profiles the AI agent's runtime; broader cybersecurity (network segmentation, endpoint protection, IAM hygiene at the org level) is your CISO's scope.
- NCSC / CSIRT-specific format mappings — Regulus emits the events; the per-member-state format requirements are encoded in your GRC adapter configuration.
- Member-state transposition specifics — NIS2 is a directive, so each member state's national law differs. Regulus enforces the directive's runtime expectations; jurisdiction-specific overlays live in custom profiles.
Activate this profile in your agent
regulus init my-agent --profiles=nis2