The Network and Information Systems 2 (NIS2) directive of the European Union will significantly affect Union countries and nation-states in its periphery—such as the United Kingdom, Switzerland, and the European Economic Area—by the end of 2024. This will bring into the scope of critical national infrastructure (CNI) companies which are not currently considered to be part of CNI. It will compel those companies to comply with requirements to disclose network and computer systems incidents—not just data breaches, as with the General Data Protection Regulation (GDPR), but network and information systems incidents more broadly. Failure to do so can result in very significant financial penalties.