---
title: NIS2 Extension Companies July 2025
description: NIS2 deadline extended to July 31, 2025 for companies. Learn what changed, who is affected, and how to prepare before the new compliance deadline.
canonical: https://www.aegister.com/en/cms/insights/nis2-extension-companies-july-2025/
url: /en/cms/insights/nis2-extension-companies-july-2025/
lang: en
---

![](/static/images/header-contact.webp)

# NIS 2: Deadline Extension for Companies Until July 31

---

![NIS 2: Deadline Extension for Companies Until July 31](/static/images/cms/nis2-extension-companies-july-2025.webp)

## NIS 2: Deadline Extension for Companies Until July 31

May 27, 2025

[ACN](/en/cms/keyword/acn/)
[compliance](/en/cms/keyword/compliance/)
[cybersecurity](/en/cms/keyword/cybersecurity/)
[monitoring](/en/cms/keyword/monitoring/)
+4

The **Italian National Cybersecurity Agency (ACN)** has extended the deadline to **July 31, 2025**, for NIS entities that have requested support in finalizing their annual data update. This extension also allows organizations to plan information sessions for their administrative and executive bodies.

Additionally, the electronic acknowledgment required by Article 16 of Determination No. 136117 (April 10) can be completed even after the July 31 deadline.

## Annual Information Update Requirements

The annual information update, as required by Article 7 (paragraphs 4 and 5) of the NIS decree and regulated by Article 15 of ACN Determination 136117/2025, involves the following steps:

- Invite the alternate point of contact
- Verify and update the NIS entity's registration data, including:
  - Tax code
  - Company name
  - Registered office
  - Legal representative
  - List of general proxies
  - Phone contacts
  - Digital domicile
  - Functional email address
- List the members of administrative and executive bodies (individuals responsible under Article 38, paragraph 5 of the NIS decree)
- Invite the secretariat, if appropriate
- List services falling within Directive 2022/2555, specifying in which EU member states they are offered
- Indicate static (public) IP addresses and domain names in use or available to the NIS entity
- List information sharing agreements

The point of contact and alternate must verify the accuracy and currency of their personal and contact information. If required, the delegation granted by the entity's legal representative must be verified to ensure it is correct, up-to-date, and compliant with Article 4 of the cited determination.

## Additional Requirements for Specific Organizations

Organizations specified in Article 7 (paragraph 5) and Article 5 (paragraph 1, letter b) must share additional information regarding their locations within the European Union and their NIS representative in Italy.

## How NIS 2 Applies to Companies

Following **Legislative Decree 138/2024**, all companies operating in critical sectors are required to register with ACN. This registration triggers monitoring and compliance responsibilities as outlined by [Aegister's guide to NIS 2 obligations](/en/cms/insights/nis2-obligations-italian-organizations-2025/).

Key deadlines include:

- **February 28, 2025:** Initial registration deadline
- **July 31, 2025:** New deadline for annual monitoring update
- **January 2026:** Start of mandatory incident notification
- **October 2026:** Deadline for adoption of security measures

## Critical Sectors and Compliance Roles

The NIS 2 directive identifies **18 sectors**, 11 of which are labeled highly critical. Companies are classified as either:

- **Essential entities:** Subject to stricter checks
- **Important entities:** Same obligations, lighter supervision

Small businesses are involved only if they operate in digital infrastructure and services. Medium enterprises fall under the 'important' category, while large companies are typically 'essential entities'.

## Ongoing Support and Strategic Guidance

To support affected organizations, [Aegister offers Virtual CISO services](/en/solutions/virtual-ciso/) and dedicated compliance solutions that align with the NIS 2 regulatory framework. These services help businesses meet both **short- and long-term cybersecurity goals**.

Read the official announcement from ACN: [NIS: Deadline extended to July 31](https://www.acn.gov.it/portale/w/nis-slitta-al-31-luglio-il-termine-per-gli-aggiornamenti)

## FAQ

### What is the main objective of this project?

The project focuses on developing and operationalizing cybersecurity capabilities for target organizations in scope.

### Which funding framework supports the initiative?

The article references PR FESR/Campania Startup funding context and related decree identifiers for the initiative.

### What timeline is stated for implementation?

The timeline is defined in the project timeline section of this article.

## Official sources

- [Official reference 1](https://www.regione.campania.it/)
- [Official reference 2](https://commission.europa.eu/funding-tenders/find-funding/eu-funding-programmes/european-regional-development-fund-erdf_en)
- [Official reference 3](https://commission.europa.eu/)
- [Official reference 3](https://www.acn.gov.it/portale/w/nis-slitta-al-31-luglio-il-termine-per-gli-aggiornamenti)

Share this post

## Related News

[![NIS2 Detection Controls (DE): Event Monitoring and Adversarial Signal Handling](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-detection-de-event-monitoring/)

[NIS2 Detection Controls (DE): Event Monitoring and Adversarial Signal Handling](/en/cms/insights/nis2-detection-de-event-monitoring/)

[The NIS2 Detection (DE) domain requires monitoring networks, services, and endpoints to identify adverse events early. Practical guide to log readiness, detection logic, triage, and incident handoff.](/en/cms/insights/nis2-detection-de-event-monitoring/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+11

[![New NIS Subjects in 2026: Incident-Notification and Baseline-Measure Deadlines](/static/images/cms/nis-registrazione-2026-scadenza.webp)](/en/cms/insights/new-nis-subjects-2026-incident-notification-deadlines/)

[New NIS Subjects in 2026: Incident-Notification and Baseline-Measure Deadlines](/en/cms/insights/new-nis-subjects-2026-incident-notification-deadlines/)

[The ACN 2026 timing determination sets a distinct implementation path for entities first listed in the Italian NIS perimeter during 2026: significant-incident notification starts on 1 January 2027 and baseline security measures must be adopted by 31 July 2027.](/en/cms/insights/new-nis-subjects-2026-incident-notification-deadlines/)

[ACN](/en/cms/keyword/acn/)
[compliance](/en/cms/keyword/compliance/)
+8

[![ACN NIS 2026 Platform Rules and New Deadlines: Master Overview](/static/images/cms/nis2-basic-measures-acn.webp)](/en/cms/insights/nis-acn-platform-2026-new-deadlines-overview/)

[ACN NIS 2026 Platform Rules and New Deadlines: Master Overview](/en/cms/insights/nis-acn-platform-2026-new-deadlines-overview/)

[ACN's April 2026 package sets new NIS deadlines for subjects listed for the first time in 2026 (incident notification from 1 January 2027, baseline measures by 31 July 2027) and updates the platform operating rules for registration, annual and continuous updates, relevant suppliers, and categorization.](/en/cms/insights/nis-acn-platform-2026-new-deadlines-overview/)

[NIS2](/en/cms/keyword/nis2/)
[ACN](/en/cms/keyword/acn/)
+8

### NIS 2 Compliance with Aegister

Complete solutions for NIS 2 Directive compliance: expert consulting, implementation and ongoing support.

[Discover](/en/solutions/compliance/nis2/)