EU NIS2 Directive - Transport Sector Requirements
This corpus node provides a transport-sector application view of the NIS2 Directive (Directive (EU) 2022/2555 of 14 December 2022 on measures for a high common level of cybersecurity across the Union). NIS2 Annex I, Sector 5 lists transport as a critical sector covered as 'Essential Entities' with four sub-sectors: 5(a) Air transport (carriers + airport managing bodies + air traffic management providers), 5(b) Rail transport (infrastructure managers + railway undertakings), 5(c) Water transport (inland-waterway + sea + coastal passenger and freight + port managing bodies + vessel traffic services), 5(d) Road transport (road authorities responsible for traffic management + ITS operators). The substantive obligations come from NIS2 main: Article 21(2)(a)-(j) cybersecurity risk-management measures (10 baseline categories: risk-analysis policies + incident handling + business continuity + supply chain + secure acquisition/development/maintenance + effectiveness assessment + basic cyber hygiene + cryptography + HR security + asset management + multi-factor authentication / secured communications); Article 23 incident reporting (24-hour early warning, 72-hour notification, 1-month final report); Article 24 European cybersecurity certification scheme use; Articles 31-34 supervisory powers + administrative fines (Essential Entities: up to EUR 10 million or 2% of worldwide turnover, whichever is higher). This corpus node tracks the transport-specific application; the main NIS2 Directive is the substantive source. Corpus status: referenced (sector-application view of an existing enacted directive, not a separate enacted instrument).
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (5)
NIS2 Transport - Governance, Supply Chain and Certification (Articles 20, 22, 24)
| Code | Title |
|---|---|
| NIS2-TRN-Art20 | Management body responsibilities and training (NIS2 Article 20) |
| NIS2-TRN-Art22 | Coordinated risk assessments of critical supply chains (NIS2 Article 22) |
| NIS2-TRN-Art24 | Use of European cybersecurity certification schemes (NIS2 Article 24) |
| NIS2-TRN-Sectoral-Coordination | Sectoral lex specialis coordination - air / rail / water / road (NIS2 Article 4 + Article 12) |
NIS2 Transport - Incident Reporting (Article 23)
| Code | Title |
|---|---|
| NIS2-TRN-Art23 | Incident reporting obligations - 24h early warning + 72h notification + 1-month final report (NIS2 Article 23) |
NIS2 Transport - Risk Management Measures (Article 21(2))
| Code | Title |
|---|---|
| NIS2-TRN-Art21(2) | Cybersecurity risk-management measures (NIS2 Article 21(2)(a)-(j)) |
NIS2 Transport - Sectoral Scope (Annex I Sector 5)
| Code | Title |
|---|---|
| NIS2-TRN-Scope | Sectoral scope - Annex I Sector 5 Transport (NIS2 Article 2 + Annex I) |
NIS2 Transport - Supervision and Enforcement (Articles 31-34)
| Code | Title |
|---|---|
| NIS2-TRN-Art27 | Registration of essential and important entities (NIS2 Article 27) |
| NIS2-TRN-Art31_32_33 | Supervisory measures for essential entities (NIS2 Articles 31-33) |
| NIS2-TRN-Art34 | Administrative fines (NIS2 Article 34) - up to EUR 10M or 2% of turnover |
| NIS2-TRN-Status | Sectoral application view status (this corpus node) |
Maps to 2 other frameworks
Frequently Asked Questions
What is EU NIS2 Directive - Transport Sector Requirements?
EU NIS2 Directive - Transport Sector Requirements is a compliance framework from European Union with 5 domains and 11 controls. This corpus node provides a transport-sector application view of the NIS2 Directive (Directive (EU) 2022/2555 of 14 December 2022 on measures for a high common level of cybersecurity across the Union). NIS2 Annex I, Sector 5 lists transport as a critical sector covered as 'Essential Entities' with four sub-sectors: 5(a) Air transport (carriers + airport managing bodies + air traffic management providers), 5(b) Rail transport (infrastructure managers + railway undertakings), 5(c) Water transport (inland-waterway + sea + coastal passenger and freight + port managing bodies + vessel traffic services), 5(d) Road transport (road authorities responsible for traffic management + ITS operators). The substantive obligations come from NIS2 main: Article 21(2)(a)-(j) cybersecurity risk-management measures (10 baseline categories: risk-analysis policies + incident handling + business continuity + supply chain + secure acquisition/development/maintenance + effectiveness assessment + basic cyber hygiene + cryptography + HR security + asset management + multi-factor authentication / secured communications); Article 23 incident reporting (24-hour early warning, 72-hour notification, 1-month final report); Article 24 European cybersecurity certification scheme use; Articles 31-34 supervisory powers + administrative fines (Essential Entities: up to EUR 10 million or 2% of worldwide turnover, whichever is higher). This corpus node tracks the transport-specific application; the main NIS2 Directive is the substantive source. Corpus status: referenced (sector-application view of an existing enacted directive, not a separate enacted instrument). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does EU NIS2 Directive - Transport Sector Requirements have?
EU NIS2 Directive - Transport Sector Requirements has 11 controls organised across 5 domains. The largest domains are NIS2 Transport - Governance, Supply Chain and Certification (Articles 20, 22, 24) (4 controls), NIS2 Transport - Supervision and Enforcement (Articles 31-34) (4 controls), NIS2 Transport - Incident Reporting (Article 23) (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does EU NIS2 Directive - Transport Sector Requirements map to?
EU NIS2 Directive - Transport Sector Requirements maps to 2 other compliance frameworks. The top mapping partners are FAA Cybersecurity Framework for Aviation (27% coverage), NIS2 Directive (9% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with EU NIS2 Directive - Transport Sector Requirements compliance?
Start your EU NIS2 Directive - Transport Sector Requirements compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about EU NIS2 Directive - Transport Sector Requirements requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 11 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 706 frameworks.
Get Started Free →Free forever — no credit card required