NIS 2: New Deadline July 31

The National Cybersecurity Agency extends the deadline for submitting NIS information. Here’s why.

Extension to July 31: The National Cybersecurity Agency reports that so far about half of the obliged entities have partially entered the required NIS 2 information, while over a thousand have already sent it to the competent authority.
The portal for filling out the form included unclear fields, and many companies started raising tickets to ask for clarifications.
For example, the “IP address space and domain names” field did not allow IPv6 addresses, and they didn’t state that limit.

Given these issues, they first proposed to grant the July 31 extension only to those who reported a problem, but the wave of requests pushed the Authority to extend it to all companies.

NIS 2 extension to July 31: how to turn two extra months into a real advantage

The delay to July 31, 2025 becomes an opportunity. You can truly strengthen your security posture and avoid the usual last-minute rush and the risk of heavy fines.

Why the extension is an opportunity, not an excuse to postpone

Two more months let you:

• Strengthen governance: set clear responsibilities, define escalation channels, and set up reporting.
• Boost monitoring tools: enable real-time logs and alerts.
  

Threats do not wait for deadlines, and delaying decisions or investments now still exposes you to growing risk of breaches and downtime.

A three-step path, simple and sustainable

Current state snapshot
Map critical systems, spot vulnerabilities, and check how much you already meet NIS 2 requirements. Conduct a quick assessment (interviews, technical checklists, policy review) to reveal priorities at once.

Strategic plan
Turn gaps into a roadmap: assign budget, set responsibilities, and define interim deadlines. Use small work blocks with weekly deliveries to avoid bottlenecks.

Gradual implementation and verification
Start with high-impact controls, like reliable backups, patch management, and strong authentication, then move to complementary measures. Test and review each step so by July you upload validated data to the portal.

Where to invest immediately

-SIEM and threat intelligence for continuous, contextualized event monitoring.
-Automated incident response solutions: ready playbooks cut reaction times from hours to minutes.
–Backup and disaster recovery with geographic replication: essential to ensure business continuity.
-Security workflow automation, so IT does not drown in alerts.

Prepare for the post-extension

The National Cybersecurity Agency already makes clear that after the extension ends, it will carry out checks. Those who use this period well will gain a competitive edge: they can prove compliance, show reliability, and offer safer services to clients.

This delay gives you valuable time to build a more resilient infrastructure, train employees, and retain customers.