Navigating the New Landscape: What Manufacturers Need to Know About NIS2

Manufacturers are no strangers to complexity, but 2025 brings a new challenge that cuts across IT, OT, and the boardroom: compliance with the EU’s updated Network and Information Security Directive, NIS2.

If you’re leading cybersecurity, infrastructure, or OT security in your manufacturing organization, this directive isn’t just another box to check, it’s a call to rethink how your business approaches cyber risk, resilience, and regulatory alignment.

At Manufacturing Data Summit Europe 2025, we’ll explore exactly how manufacturers are approaching this — with real-world case studies, peer-led panels, and practical frameworks to support NIS2 readiness.

Jump to section:

Why NIS2 Matters Now

NIS2 represents a major regulatory step forward in Europe’s push to safeguard critical sectors, including manufacturing, against growing cyber threats. The directive expands its reach far beyond its predecessor, requiring “essential” and “important” entities to raise their game across governance, technical controls, incident response, and supply chain security.

For manufacturers, this means your factory floor, IT systems, and third-party vendors now sit firmly within regulatory scope. Even mid-sized enterprises are affected, especially if you’re operating in high-value verticals like automotive, chemicals, food production, electronics, or industrial machinery.

The goal? Not just cybersecurity maturity, but operational resilience. That’s a shift in mindset many manufacturing security leaders are already navigating.

Session spotlight: How to keep data secure- public examples of cyber breaches and the root causes

Hear from Paul Knight, CISO at Turntide Technologies and other experts at #MDS2025 as they break down real breaches and how manufacturers are building better defences.14 October 2025 | London | [Explore the Full Agenda]

What Does NIS2 Require?

NIS2 doesn’t prescribe specific technologies. Instead, it emphasizes outcomes and accountability. Key obligations include:

  • Risk-Based Security Measures: Companies must implement appropriate and proportionate measures to mitigate cyber risks, across both IT and OT environments. Think: access control, patch management, segmentation, and asset visibility.
  • Incident Reporting: Significant incidents must be reported to national authorities within 24 hours (initial alert), with full assessments provided over the following weeks.
  • Business Continuity & Recovery: Organizations must have response plans that ensure availability of critical systems, minimize disruption, and support rapid recovery.
  • Supply Chain Cybersecurity: You’re expected to assess and manage the risks posed by third parties, including vendors of industrial automation, cloud services, or remote access tools.
  • Executive Accountability: Senior leadership must take ownership of cybersecurity policy, undergo appropriate training, and can be held liable for failures.
Manufacturing Data Summit London 2025 event banner

Where Are the Common Gaps?

For many manufacturing firms, preparing for NIS2 means confronting long-standing cybersecurity blind spots:

  • OT Visibility Deficits: While IT environments are well-monitored, OT systems often operate in the dark. Legacy controllers, unpatched HMIs, and insecure protocols still run critical production lines.
  • Siloed Teams: IT and OT functions may operate in isolation. NIS2 demands coordinated governance, shared threat intelligence, and unified incident response.
  • Vendor Risk Management: Many manufacturers haven’t assessed the cybersecurity posture of their suppliers. NIS2 forces a closer look at who has access to your systems and what controls they have in place.
  • Cultural Resistance: Security can be seen as a barrier to uptime. Bridging the gap between protection and productivity is a cultural as well as technical challenge.
  • Resource Constraints: Skilled cybersecurity professionals who understand both IT and industrial systems are hard to find. NIS2 amplifies the urgency of closing that talent gap.
Session spotlight: Designing for the Future – How to Simplify and Modernise Data Architectures
Struggling with visibility, siloed teams, or legacy systems? Learn how top manufacturers are aligning skills, security, and system design to unlock value from their data.
Hear from leaders at Arm, MTC, Atlas Copco, and 5Y Technology as they share how they’re modernising data architectures to support visibility, resilience, and cross-functional collaboration.
14 October 2025 | London | [Explore the Full Agenda]

How NIS2 Aligns with IEC 62443 and ISO 27001

The good news? NIS2 doesn’t require starting from scratch. It aligns closely with well-established frameworks manufacturers already use.

  • IEC 62443 provides specific guidance on securing industrial control systems. Network segmentation, system hardening, and secure software development practices directly support NIS2’s requirements.
  • ISO 27001 offers a broad, organization-wide framework for managing information security risk. If your ISMS is mature, you’re already well-positioned to demonstrate compliance in many areas.

But make no mistake: NIS2 introduces legal obligations and external enforcement. It’s not just about following best practices, it’s about proving that your risk posture meets evolving expectations.

Session spotlight: Building a Data Strategy for AI to Mitigate Risk and Create Business Value
Looking to harmonise NIS2 with existing standards like IEC 62443 and ISO 27001? This keynote explores how manufacturers are using data strategy and AI to strengthen security, reduce risk, and drive smarter transformation.
Position your compliance efforts within a broader digital roadmap — and turn regulation into resilience.
14 October 2025 | London | [Explore the Full Agenda]

Turning Compliance into a Strategic Advantage

Too often, compliance is viewed as a burden. But NIS2 can be a springboard for broader transformation, if approached the right way.

Here’s how forward-looking IT and security leaders are reframing the challenge:

1. Link Cybersecurity to Operational Resilience

Use NIS2 as a reason to strengthen not just protection, but business continuity. That means investing in incident response playbooks that cover IT and OT systems, building redundancy for critical functions, and validating recovery plans through simulations.

If ransomware hits your plant network, can you isolate and restore fast, without halting production? That’s the new benchmark.

2. Make Security a Business Enabler

NIS2 doesn’t have to slow down innovation. In fact, integrating security by design into digital initiatives, like smart factory rollouts, AI platforms, or connected sensors, actually de-risks transformation.

Position cybersecurity as a foundation, not a friction point. When security is baked in, digital progress can move faster, with fewer interruptions, breaches, or rework.

Manufacturing Data Summit 2025 event banner

3. Strengthen Vendor Trust

Customers and OEMs are already increasing scrutiny of their supply chains. Meeting NIS2 standards not only protects your business, it signals maturity to partners.

Security-driven compliance can become a competitive differentiator. If you can demonstrate robust controls and incident preparedness, you’re more likely to win high-value contracts and long-term relationships.

Learn how manufacturers are managing vendor and ecosystem risk at the Manufacturing Data Summit Europe’s (London, October 14) keynote on theManufacturers’ Information Hub, a real-world example of collaboration and governance in practice.

What to Do Next: Practical Steps

If you’re preparing for NIS2, here’s your immediate next step:

Join the Manufacturing Data Summit Europe 2025 – the UK’s only one-day event built specifically for manufacturing, data, and cybersecurity leaders navigating today’s biggest digital and regulatory challenges.

  • Learn how peers are aligning with NIS2, IEC 62443, and ISO 27001
  • Hear from C-level security and infrastructure leaders already embedding governance across OT and IT
  • Access frameworks, real examples, and expert advice you won’t find in a whitepaper

14 October 2025 |  America Square Conference Centre, London

Save £250 with Early Bird Pricing – offer ends 5 August

Register now for Manufacturing Data Summit Europe 2025

Your compliance strategy isn’t just about avoiding fines — it’s about protecting your future. Let’s build it, together.

Final Thought: Security Isn’t Just About Avoiding Fines

Ultimately, NIS2 is about more than compliance, it’s about safeguarding the very systems that power your products, your people, and your reputation.

By embracing this directive as an opportunity to strengthen cyber resilience across IT and OT, manufacturing leaders are building not just safer operations, but smarter, more adaptable enterprises ready for the future.

Now’s the time to act. Use NIS2 to elevate cybersecurity from a technical silo to a strategic business priority. And take the next step by connecting with your peers and accelerating your readiness at the Manufacturing Data Summit Europe 2025.