İçeriğe geç
NISDESK
Annex IHighly Critical

NIS2 and the Digital Infrastructure Sector

Internet exchange points (IXPs), DNS providers, TLD registries, cloud computing providers, data centres and content delivery networks (CDNs) are classified as highly critical. They form the backbone of the digital economy.

Entity classification: Essential (large) / Important (medium) entities. Large organisations qualify as Essential Entities; medium organisations are Important Entities in this sector.

Key cyber risks in Digital Infrastructure

Focus obligations for Digital Infrastructure

Who is covered?

Examples of in-scope organisation types:

Is your Digital Infrastructure organisation in scope?

Answer 5 questions and get a personalised NIS2 scope assessment, obligation checklist and readiness score — free.

Check your scope →

Digital Infrastructure NIS2 compliance by country

See how national transpositions affect Digital Infrastructure obligations in each EU member state:

Frequently asked questions

Is the Digital Infrastructure sector covered by NIS2?

Yes. The Digital Infrastructure sector is listed in NIS2 Annex I (highly critical sectors). Medium and large organisations in this sector must comply with NIS2 obligations. Internet exchange points (IXPs), DNS providers, TLD registries, cloud computing providers, data centres and content delivery networks (CDNs) are classified as highly critical. They form the backbone of the digital economy.

Are Digital Infrastructure organisations Essential or Important Entities?

Under NIS2, large Digital Infrastructure organisations are typically Essential Entities. Medium-sized Digital Infrastructure organisations are Essential (large) / Important (medium). The distinction affects supervisory intensity and fine levels.

What are the key NIS2 obligations for the Digital Infrastructure sector?

Resilience and redundancy for critical internet infrastructure; 72-hour incident reporting (some providers have 24-hour early warning); Network security and DDoS mitigation; Supply-chain security for hardware and firmware. Obligations apply under NIS2 Articles 21 (security measures) and 23 (incident reporting).

Which national authorities supervise NIS2 for Digital Infrastructure in each EU country?

Each EU member state designates a national competent authority for NIS2. Visit any country page on NISDESK to see the specific authority and CSIRT for the Digital Infrastructure sector in that country.

For decision-support purposes only. Exact scope depends on national transposition.