The European NIS 2 directive has turned the rules of the game in cybersecurity on their head. It imposes new obligations on thousands of companies, far beyond just large infrastructures.