What is NIS2? -A Brief Overview

A new cyber security regulation that expands the scope of the previous NIS1 Directive and introduces new security and reporting requirements for operators of essential services (OES) and digital service providers (DSPs). All organizations regarded as essential services must work systematically with their information security - and demonstrate compliance.

The political agreement was formally adopted by the Parliament and then the Council in November 2022. It entered into force on 16 January 2023, and Member States now have until 17 October 2024, to transpose its measures into national law.


Who does it apply to?

NIS2 applies to all companies based within an EU member state. The NIS2 Directive builds on previous NIS1 Directive and sets out new obligation for operators of essential services (OES) and digital service providers (DSPs).

Operators of Essential Services (OES)

Companies that provide essential services such as energy, transportation, banking, financial market, infrastructures, health, water supply, and digital infrastructure. The NIS2 Directive defines OES as entities that meet certain criteria, including size, impact, and interdependence. OES are required to comply with the directive’s security and reporting requirements.

Digital Service Providers (DSPs)

Companies that provide online marketplaces, search engines, and cloud computing services. The NIS2 Directive defines DSPs as entities that meet certain criteria, including size and scope of services. DSPs are required to comply with the directive’s security requirements.

What are the requirements?

NIS requires essential community services to adopt a systematic and risk-based security approach and report incidents. It expands the scope of sectors and services covered by the regulation and introduces new security and reporting requirements.

What can we do for you?


We help you proactively identify and address weaknesses in your systems and software through effective vulnerability management.

Cyber Threat

We help you stay ahead of emerging threats and make informed decisions to protect your organization with our cutting-edge cyber threat intelligence. 

Continuous Penetration Testing

We help you continually assess and improve your security posture by simulating real-world attacks.

Inventory and
Control of Assets

We help you understand and manage your digital assets to reduce risk and improve security through effective inventory and control.

Secure Configuration of Assets

We help you safeguard against cyber threats by configuring your assets in a secure manner to minimize vulnerabilities. 

Team of Highly Talented Experts

We provide you with a team of highly skilled and experienced cyber security professionals dedicated to protecting your organization.

How Firi gained full overview of their Digital Attack Surface

Implementation of Active Focus has improved our management and understanding of our attack surface, significantly reducing our risk for future attacks. The team at River Security is always available to answer any questions or concerns we have and has become an invaluable partner in keeping our company and client information safe. We highly recommend the Active Focus service for any business looking to prioritize their cyber security needs.

Cato Auestad
Chief Technology Officer

What people say about our services

Arvid Eriksen SPV

Arvid Eriksen
CISO - Sparebanken Vest

"At the core of our comprehensive cyber-security approach is the comcept of layered protection, ensuring that we are always at the forefront of the latest and greatest innovations in the industry. That's where River Security comes in, offering their Active Focus service to keep us ahead of the curve with a constantly evolving attack surface, and even helping us uncover the unknown. With a dynamic blend of cutting-edge technology and skilled expert verification, paired with lightning-fast agility, we are better equipped to tackle any threat that comes our way."


Ole-Martin Bekkeli
CISO - Azets

"From day one, the service from River Security has significantly improved our IT-security posture, and we have been supplied with precise, critical and relevant input immediately upon discovery.

We can safely recommend River Security and the service "Active Focus" to anyone who wishes to systemize continuous attack surface management."


Thomas Tjøstheim
Vice President Engineering - Aritma

"River Security has provided great value to Aritma since the start, first through an initial Digital Footprint exercise and then with the ongoing delivery in Active Focus. Their methods and technology have uncovered vulnerabilities we would not necessarily find on our own. The team is skilled in identifying real vulnerabilities, demonstrating how they can be exploited, and illustrating the severity. We redommend River Security for their rechnical expertise, and as a group of people who is pleasant to work with."