🔐 NIS2: what changes for Italian companies and why it also affects those not directly obligated

The new European NIS2 Directive redefines the minimum cybersecurity standards required for organizations operating in the European market. The measures introduced do not apply only to companies explicitly listed in Annexes I and II: all Italian companies, regardless of size or sector, are involved in the digital security ecosystem.
This is because organizations subject to the Directive must demonstrate protection of their entire supply chain, ensuring that suppliers, partners, outsourcers, subcontractors, and software providers adopt adequate levels of security, traceability, and document governance.

🟥 Essential obligated sectors (Annex I)

Essential organizations provide critical services and must comply with the most stringent NIS2 requirements to ensure security and operational continuity.

  • 🏥 Healthcare
  • ⚡ Energy
  • 🚛 Transport
  • 📡 Digital infrastructure (Cloud, Data Centers, DNS, IXPs)
  • 💧 Drinking water and wastewater
  • 💶 Banking and finance
  • 🧪 Chemical sector
  • 🍽️ Agri-food (large enterprises)
  • 🏛️ Central Public Administration

🟧 Important obligated sectors (Annex II)

Companies operating in important sectors support strategic value chains and are subject to NIS2 compliance based on risk exposure and operational impact.

  • 🏭 Critical manufacturing (machinery, electronics, automotive)
  • 🧱 Construction and building materials
  • ♻️ Waste management
  • 🛒 Wholesale trade
  • 🖥️ Digital services and online platforms
  • 🔑 Cybersecurity service providers
  • 🎬 Media and information services
  • 📡 Telecommunications

🟦 Non-obligated sectors… yet still involved

Many SMEs do not fall under the Directive’s direct obligations but are still involved as part of supply chain compliance.

  • 👔 Professional firms and consultants
  • 🧩 Software companies and ICT providers
  • 🚗 Automotive and manufacturing subcontractors
  • 🛍️ Retail, B2B services, and logistics
  • 🍽️ Hospitality – hotels, restaurants, events
  • 🧱 Artisans and micro-enterprises
  • 🧰 Outsourcing, maintenance, and technical services

In summary, even organizations that are not formally obligated must demonstrate reliability and security to avoid exclusion from partnerships, tenders, and regulated supply chains.

🧰 How CRM and ECM support NIS2 compliance — and what Blackbirds can do for your company


Solutions such as CAS genesisWorld (CRM) and ELO Digital Office (ECM) enable organizations to document, track, and govern processes and information in line with NIS2 requirements.

🧠 CAS genesisWorld: governance and traceability

  • Secure management of users and roles
  • Audit trails and activity tracking
  • Process automation
  • Advanced data governance

📁 ELO Digital Office: document control

  • Centralized document repository
  • Versioning and verifiable logs
  • Certifiable workflows
  • Support for incident management and audits
