Log inWatch a demo
Try for free

NIS2 and secure cloud infrastructure

The NIS2 Directive strengthens cybersecurity and operational resilience requirements across the European Union. As digital infrastructure becomes a critical dependency for organizations, protecting sensitive information and ensuring service continuity are central to regulatory expectations.

Tresorit supports affected organizations with a security-first cloud platform designed to reduce data exposure and support structured risk management.

Tresorit-NIS2-Hero@2x

What NIS2 means in practice

NIS2 expands cybersecurity obligations for essential and important entities within the EU. It emphasizes structured risk management, protection of network and information systems, incident preparedness, and operational resilience.

The directive reflects a broader shift: cybersecurity is no longer solely a technical concern but a governance-level responsibility affecting business continuity and digital trust.

Who NIS2 applies to

NIS2 applies to organizations classified as essential or important entities, including operators in critical sectors and digital service providers.

Applicability depends on sector classification, organizational size, and role within critical supply chains. Organizations operating across EU member states may also be indirectly affected through contractual or risk management obligations.

01_Who_NIS2_applies_to@2x

Who NIS2 applies to

NIS2 applies to organizations classified as essential or important entities, including operators in critical sectors and digital service providers.

Applicability depends on sector classification, organizational size, and role within critical supply chains. Organizations operating across EU member states may also be indirectly affected through contractual or risk management obligations.

01_Who_NIS2_applies_to_MB@2x

Tresorit’s role in the NIS2 context

Under NIS2, organizations remain responsible for meeting regulatory obligations. Cloud service providers, however, form part of the broader digital risk landscape.

Tresorit supports organizations by limiting data exposure, strengthening access control, and providing secure collaboration infrastructure designed to reduce cybersecurity risk in distributed environments.

 

02_Tresorits_role_NIS2@2x

Security architecture and resilience

Tresorit’s architecture is designed to minimize unauthorized access and reduce systemic risk. Client-side encryption ensures that sensitive information remains protected before it leaves the user’s device.
Combined with strict access controls and controlled sharing mechanisms, this architecture supports organizational resilience in environments where data exposure is a key regulatory concern.

Tresorit-e2ee@2x

Security architecture and resilience

Tresorit’s architecture is designed to minimize unauthorized access and reduce systemic risk. Client-side encryption ensures that sensitive information remains protected before it leaves the user’s device.
Combined with strict access controls and controlled sharing mechanisms, this architecture supports organizational resilience in environments where data exposure is a key regulatory concern.

Tresorit-e2ee_MB@2x

Incident response and operational continuity

NIS2 emphasizes timely incident detection and response. While compliance obligations remain with organizations, the resilience of underlying service providers plays a critical role in maintaining operational continuity.

Tresorit operates monitored systems and maintains structured security practices designed to support reliability, transparency, and responsible incident handling.

04_Incident_response_and_op_continuity@2x

How Tresorit supports NIS2 requirements

NIS2 outlines expectations around risk mitigation, incident preparedness, protection of digital assets and more. Tresorit contributes to these areas through security-focused architectural and operational measures.
Share

Fortify your supply chain’s security posture — NIS2 article 21, (2)h

Tresorit ensures risk-free collaboration across you supply chain. Ensure business secrecy, seamless information sharing, and integrated document signing via Tresorit’s secure data rooms. Use email encryption and hit the button with full peace of mind.
Security-Shield-alert

Encrypt vulnerability disclosure channels — NIS2 article 21 (2)e

Prevent your vulnerability analysis from falling into the wrong hands. Tresorit ensures that detected security flaws will stay between you and your trusted partners.
Security-Shield-favorite

Bolster your incident handling processes — NIS2 article 21, (2)b

Act promptly whenever an incident occurs, without extending your attack surface. Set up a confidential data room immediately to speed up detection and recovery. With Tresorit, you can easily exchange sensitive information with competent personnel, authorities, and CIRTs.
Reaction-Bulb

Effortlessly empower cyber hygiene practices — NIS2 article 21, (2)g

Instill secure work routines into your company’s culture with no hassles. A user-friendly tool with automatic encryption from sender to receiver and versatile security controls is the best way to go.
Industires-Finance-skyscaper

Ensure business continuity via a resilient platform — NIS2 article 21, (2)c

Deliver friction-free services even in the face of an attack. With backup files securely stored in our cloud, you can bounce back in no time. Your collaborative processes can smoothly flow with 24/7 access to your files from anywhere - no matter the severity of the incident.
User-Group

Automate & enforce strong access control policies — NIS2 article 21,(2)i

Keep the information exchange inside and outside of your company in check, with granular security controls, watermarks, and audit logs. Enforce 2FA, supervise, and analyze how people interact with your content – from sharing to requesting files, from data room collaboration to signing.
Security-Shield-check

Secure collaboration with automatic encryption — NIS2 article 21, (2)h

Implement strong encryption in seconds. Enforce its use without hassles. Built-in encryption offers you the shortcut to genuine security habits. Tresorit’s zero-knowledge end-to-end encryption makes it impossible for unauthorized parties to access your internal and external communications.
Security-Padlock

Secure system acquisition & development — NIS2 article 21, (2)e

Replace your disjointed ecosystem of apps with a single secure platform. Centralize your company’s sensitive content flow into a protected workspace, built in line with the Secure Software Development Lifecycle principles.

Customer Success Stories

NIS2 FAQ

NIS2 applies to organizations, not products. Tresorit supports customers with security and data protection measures aligned with NIS2 requirements. 

No. Compliance depends on organizational measures. Tresorit provides supporting technology and security foundations.

The directive applies to a range of entities operating in 11 essential and 7 important sectors. Company size and turnover are the rule of thumb for deciding which company falls under the directive.
 
Both entity groups must fulfill the same requirements. However, essential entities considered critical for the society’s functioning, will be proactively supervised. Whereas, important entities will undergo scrutiny only after a non-compliance is reported.
Entities must take the following measures (Art 21) to protect their network, information systems, and physical environment from incidents:
  • Risk analysis & information system security
  • Incident handling
  • Business continuity measures
  • Supply chain security
  • Security in system acquisition, development & maintenance
  • Policies and procedure to assess the effectiveness of cybersecurity risk management measures
  • Basic cyber hygiene practices and cybersecurity training
  • Policies and procedures on the use of cryptography and encryption
  • Human resources security, access control policies and asset management
  • Use of multi-factor authentication, secured voice/video/text communication and secured emergency communication
NIS2 defines stricter fines for non-compliance and personal accountability on senior management level:
  • For essential entities: administrative fines of up to 10 million euros or 2% of the total annual global revenue in the previous fiscal year, whichever amount is higher.
  • For important entities: administrative fines of up to €7 million or 1.4% of the total annual global turnover in the previous fiscal year, whichever is higher.

NIS2 compliance through security by design

NIS2 reflects a broader European focus on cybersecurity resilience and digital risk management. Tresorit supports affected organizations with secure cloud storage and collaboration infrastructure designed to protect sensitive information and contribute to structured risk mitigation efforts.

For detailed compliance assessment, organizations should consult legal and regulatory advisors.

Essential resources to NIS2 compliance