Translations:Network and Information Security Directive (NIS2-RL)/55/en

Entities already subject to sector-specific EU legislation that mandates their own risk management or incident reporting—ensuring at least equivalent cybersecurity—and that are formally recognised as such by regulation (§ 27 NISG), are exempt. This may apply to entities covered by the DORA Regulation.