Skip to main contentSkip to main content
Back to Glossary
Cybersecurity

Important Entity

Under NIS2, a medium-sized organization in covered sectors subject to cybersecurity obligations with reactive supervision.

Important entities under NIS2 have significant but less stringent obligations than essential entities, with supervision primarily triggered by incidents or complaints.

Classification Criteria An entity is important if it:

  • Operates in a covered sector (including space)
  • Is medium-sized (50-249 employees or €10-50M turnover)
  • Does not qualify as essential
  • Provides services with significant impact

Obligations Important entities must:

  • Implement appropriate security measures
  • Report significant incidents
  • Address security risks
  • Maintain incident response capability

Supervision Regime

  • Reactive (ex-post) supervision
  • Triggered by incidents or evidence of non-compliance
  • Lighter audit requirements
  • Self-assessment acceptable

Penalties Non-compliance can result in:

  • Fines up to €7 million or 1.4% of global turnover
  • Management recommendations
  • Compliance orders

Space Sector Examples

  • Medium-sized satellite operators
  • Ground station service providers
  • Space data processors
  • Launch service companies

Previous
IADC Guidelines
Next
In-Space Service Operator