The number, magnitude, sophistication, frequency and impact of incidents are increasing and present a major threat to the functioning of network and information systems. As a result, incidents can impede the pursuit of economic activities in the internal market, generate financial loss and cause significant damage to the Union’s economy and society. Therefore, effectiveness in cybersecurity is becoming increasingly vital for the proper functioning of the internal market. On December 14, 2022, the EU legislator adopted a directive on measures for a high common level of cybersecurity across the Union, called the NIS 2 Directive. The new NIS 2 directive aimed to lay down mechanisms for effective cooperation among the responsible authorities in each Member State and to update the list of sectors and activities subject to cybersecurity obligations. The article reviews the entities involved in the policy of ensuring the security of network and information systems in the light of the NIS 2 directive.