Security Requirements under NIS2 Directive

Posted on 4 December 2025

Directive (EU) 2022/2555, also known as NIS2 Directive, is the European Union’s updated framework for cybersecurity, replacing the original NIS Directive. 

This new directive expands the scope of covered entities to include more industries, and aims to enhance Member States’ capability to protect network and information systems, their users, and other affected individuals from cyber incidents and threats. 

In Finland, the directive was transposed into national legislation through Cybersecurity Act (124/2025).

Key requirements

NIS2 brings several requirements for cloud service providers concerning cybersecurity risk and incident management. While these security focused requirements are not new to cloud providers, they are no longer based on voluntary standards and certifications – they are mandatory legal requirements. 

  • Risk Analysis: Companies must conduct thorough risk analyses to identify and evaluate all potential cybersecurity threats.
  • Security Measures: Companies must implement appropriate security measures to protect data and systems, including business continuity plans, supply chain security controls, vulnerability handling and disclosure processes, penetration testing, security training for staff, application of cryptography, and access control measures.
  • Incident Reporting: Companies must have processes in place to detect, manage, and report cybersecurity incidents. The national cybersecurity authority must be notified of any significant cybersecurity incidents. NIS2 sets strict deadlines for the notification, requiring companies to be prepared for incident handling. 

Ensuring security and compliance at UpCloud

UpCloud is responsible for meeting the requirements of the NIS2 Directive while also supporting customers in their compliance efforts. 

Our ISO 27001-certified Information Security Management System (ISMS) provides the foundation, with established policies for risk management and incident handling to ensure security incidents are effectively prevented, managed, and communicated to both authorities and customers when required. We provide annual employee training on ISMS and data privacy, and enforce strict access controls for internal systems and premises. 

We have embedded security requirements to our software development and supply chain management through dedicated policies and onboarding processes, safeguarding our products from development through delivery. We offer our customers additional product security features, such as multifactor authentication, encryption,w and backups. 

The effectiveness of these measures is verified with annual audits and penetration testing. Through this approach, UpCloud maintains continuous compliance with NIS2 and provides a secure and resilient environment for our customers.

Read more about security on our Security & Privacy page. Or reach out to our team to further discuss. 

Summer promotion!

Start your free 30-day trial today and discover why thousands of businesses trust UpCloud

  • $500 free credits
  • Risk-free trial
  • Optimized performance
  • Scalable infrastructure
  • Top-tier security
  • Global availability

Sign up

See also

sydney data centre

UpCloud drops Sydney Cloud Server pricing by 33% to support even stronger growth in Australia

[Helsinki, 9.12.2021] UpCloud, the European leader in high-performance cloud hosting, announces new prices in its Sydney data centre, AU-SYD1.  UpCloud opened its first data centre […]

Krista Lehtonen

Copywriter and Content Specialist at UpCloud. In love with words, cloud curious.

Elastisys and UpCloud collaborate to provide GDPR compliant solutions for customers.

How Elastisys works with UpCloud to ensure GDPR compliance for its customers

As one of UpCloud’s fastest-growing partners, Elastisys delivers a security-hardened Kubernetes platform that is built for EU compliance as well as fully managed on European […]

Janne Ruostemaa

Editor-in-Chief

Introduction of the UpCloud referral program, give a friend €25, and get €50 yourself.

Join our referral program: Give a friend €25, and get €50 yourself!

UpCloud is growing fast and with so much happening it’s sometimes difficult to keep track of everything. Our success is much thanks to our dedicated […]

Janne Ruostemaa

Editor-in-Chief

Back to top