E-time | the software company
After the preparatory phase, in 2026 organizations enter the full implementation of the European NIS 2 Directive, with effective obligations and operational responsibilities.
During January, the main development was the entry into force of the obligation to notify significant incidents, with defined timelines for early warning, detailed notification and final report.
Below are the main upcoming deadlines for 2026, which will guide organizations in the full implementation of the NIS 2 Directive.
Sectoral guidelines NIS 2 Directive
Between February and September 2026, ACN progressively publishes the guidelines dedicated to each sector.
These documents aim to provide practical and concrete indications, adaptable to different operational contexts, in order to support companies in implementing security measures in a proportionate way, avoiding excessive or insufficient approaches.
April-June 2026: Categorization model and communication of services
By the beginning of April 2026, ACN plans to develop and make available the categorization model of activities and services, together with the package of long-term obligations.
Subsequently, between May and June 2026, organizations will be required to communicate the list of the activities and services provided, specifying their type and level of relevance. This step will make it possible to obtain a clear and structured overview of business activities in relation to security obligations.
October 2026: Implementation of basic security measures
31 October 2026 constitutes a key deadline in the compliance path. By this date, all organizations must have implemented and made operational the fundamental security measures, which concern key areas such as:
- technical protection of information and operational systems (IT and OT);
- continuity of business activities;
- risk management and governance;
- incident management and response (incident response);
- security throughout the entire supply chain.
With the end of October, the support and guidance phase by ACN concludes, allowing it to start inspection activities and systematic checks, while at the same time launching the implementation of long-term security measures.
For this reason, it is essential that companies plan the necessary adjustments well in advance, reducing the risk of operational disruptions and possible penalties.
Rexguard: centralized management of non-conformities
Rexguard is an integrated platform developed to simplify and centralize the management of security incidents, vulnerabilities, non-conformities and audit activities within a single operational environment.
The solution enables organizations to manage these processes more efficiently, improving the speed of incident response and supporting compliance with standards and regulations, including NIS2.
Thanks to full activity traceability features, detailed audit trails and customizable reporting systems, companies can accurately monitor every phase of the incident management process, while strengthening the overall security and governance of IT systems.
Discover how to be compliant
with the NIS 2 Directive
with the NIS 2 Directive
