Gain strategic insights and best practices on how to integrate physical and cyber security and how to manage access in critical environments, to strengthen your capabilities and adopt a comprehensive access governance approach in line with NIS2.

Download the whitepaper and discover how compliance truly starts at the door.

The new NIS2 Directive marks a fundamental shift in how critical infrastructures must be protected. The European Union now clearly states that cybersecurity cannot be separated from physical protection in essential sectors such as energy, telecommunications, transport, and healthcare. NIS2 introduces a cyber-physical governance approach, designed to protect not only digital systems but also the physical environments that host them. Threats such as theft, fire, power outages, telecom failures, or unauthorized physical access can all become entry points for cyber-physical attacks.

Despite significant investments in cyber-defence, physical access remains one of the most underestimated vulnerabilities. As highlighted by ENISA (European Union Agency for Cybersecurity), gaining physical access to network equipment can allow attackers to bypass digital protections, install interception devices, steal sensitive hardware, or disrupt critical services.

To support organisations in addressing NIS2 requirements, ISEO has identified 10 essential best practice for aligning access‑control systems with the directive.