Digital Infrastructure

Digital infrastructure is one of the central sectors under NIS2 that confers essential-entity status. The sector encompasses organisations that deliver fundamental digital services such as DNS, TLD registries, cloud computing, data centres and content delivery networks (CDNs).


    What does digital infrastructure cover?

    Under NIS2, digital infrastructure refers to the foundational technology services upon which other sectors and society at large depend. These are the services that keep the internet running, store and process data at scale, and ensure that digital communication functions reliably.

    Because of their critical importance, organisations providing digital infrastructure are classified as essential entities under NIS2 and are subject to the strictest requirements for risk management, incident reporting and supervisory oversight.

    Which organisations are covered?

    NIS2 Annex I identifies the following sub-sectors within digital infrastructure:

    • DNS service providers: Organisations operating Domain Name System resolution services, enabling the translation of domain names into IP addresses.
    • TLD name registries: Entities managing top-level domain registries (e.g. .dk, .com), responsible for maintaining the authoritative database of registered domain names.
    • Cloud computing service providers: Organisations offering on-demand access to shared computing resources such as servers, storage and applications.
    • Data centre service providers: Operators of facilities housing IT equipment for co-location, hosting and managed services.
    • Content delivery networks (CDNs): Providers of geographically distributed networks that cache and deliver content closer to end users.
    • Trust service providers (TSPs): Organisations providing electronic identification and trust services such as digital signatures and certificates.
    • Electronic communications providers: Providers of public electronic communications networks and services, including telecommunications operators.

    Size criteria and exceptions

    As a general rule, NIS2 applies to medium-sized and large enterprises within the covered sectors. This means organisations with at least 50 employees or an annual turnover exceeding EUR 10 million. However, there are important exceptions:

    • Regardless of size: TLD registries and DNS service providers are covered irrespective of their size.
    • Sole provider: An entity is covered if it is the sole provider of a service essential for maintaining critical societal or economic activities.
    • Member State discretion: National authorities may designate additional entities as essential or important based on national risk assessments.


    Cross-border implications:
    Many digital infrastructure providers operate across multiple EU Member States. NIS2 introduces a lead supervisory authority model for certain cross-border entities, so that cloud providers and CDNs are primarily supervised by the authority where their main establishment is located.

    Frequently Asked Questions about Digital Infrastructure

    What is digital infrastructure under NIS2?

    Digital infrastructure is one of the sectors listed in NIS2 Annex I. It covers organisations providing foundational digital services such as DNS, TLD registries, cloud computing, data centres, CDNs, trust services and electronic communications.

    Are digital infrastructure providers essential or important entities?

    Digital infrastructure providers are classified as essential entities under NIS2, which means they are subject to the strictest requirements and proactive supervisory oversight.

    Does NIS2 apply to small cloud providers?

    Generally, NIS2 applies to medium-sized and large enterprises (50+ employees or EUR 10 million+ turnover). However, some sub-sectors such as TLD registries and DNS providers are covered regardless of size, and Member States may designate additional entities.

    What obligations does NIS2 impose on digital infrastructure providers?

    Covered entities must implement comprehensive cybersecurity risk management measures, report significant incidents within prescribed timeframes, and cooperate with national supervisory authorities. They must also address supply chain security and ensure business continuity.

    How does NIS2 handle digital infrastructure providers operating in multiple countries?

    NIS2 introduces a lead supervisory authority model for certain cross-border providers, including cloud and CDN services. The authority in the Member State of the entity's main establishment takes the lead, coordinating with authorities in other Member States.
