İçeriğe geç
NISDESK
Annex IHighly Critical

NIS2 and the Transport Sector

Air, rail, water and road transport operators are covered under NIS2 Annex I. This includes airlines, airports, railway managers, maritime port operators and road transport authorities. Cross-border interdependencies make this sector highly critical.

Entity classification: Essential (large) / Important (medium) entities. Large organisations qualify as Essential Entities; medium organisations are Important Entities in this sector.

Key cyber risks in Transport

Focus obligations for Transport

Who is covered?

Examples of in-scope organisation types:

Is your Transport organisation in scope?

Answer 5 questions and get a personalised NIS2 scope assessment, obligation checklist and readiness score — free.

Check your scope →

Transport NIS2 compliance by country

See how national transpositions affect Transport obligations in each EU member state:

Frequently asked questions

Is the Transport sector covered by NIS2?

Yes. The Transport sector is listed in NIS2 Annex I (highly critical sectors). Medium and large organisations in this sector must comply with NIS2 obligations. Air, rail, water and road transport operators are covered under NIS2 Annex I. This includes airlines, airports, railway managers, maritime port operators and road transport authorities. Cross-border interdependencies make this sector highly critical.

Are Transport organisations Essential or Important Entities?

Under NIS2, large Transport organisations are typically Essential Entities. Medium-sized Transport organisations are Essential (large) / Important (medium). The distinction affects supervisory intensity and fine levels.

What are the key NIS2 obligations for the Transport sector?

Incident response plans for safety-critical systems; Security of communication and navigation systems; 72-hour incident reporting to the national authority; Vendor risk management for booking and logistics software. Obligations apply under NIS2 Articles 21 (security measures) and 23 (incident reporting).

Which national authorities supervise NIS2 for Transport in each EU country?

Each EU member state designates a national competent authority for NIS2. Visit any country page on NISDESK to see the specific authority and CSIRT for the Transport sector in that country.

For decision-support purposes only. Exact scope depends on national transposition.