Why does the distinction between 'Essential' and 'Important' matter?

March 30, 2026 GISBA Editorial Team

Back to All Articles Why does the distinction between 'Essential' and 'Important' matter?

The primary difference isn't what you have to do (the security requirements are almost identical), but how the Regulator treats you:

· Essential Entities (Proactive): The regulator can audit you at any time just to check your homework, even if you haven't had a breach.

· Important Entities (Reactive): The regulator typically only shows up if there is "evidence" of a problem (like a major breach or a whistleblower report)

March 30, 2026 General Topics

All Articles

Ready to take action on NIS2 compliance?

Our expert consultants are ready to help you build and implement a tailored programme that meets regulatory requirements and protects what matters most.

Explore NIS2 Toolkit Speak to a Consultant

About the Author

GISBA Editorial Team GISBA Cybersecurity & Compliance Consultants

Practising consultants with hands-on experience delivering ISO 27001, NIS2, and business continuity programmes across global organisations since 2006.

Our Services

Why does the distinction between 'Essential' and 'Important' matter?

Get the NIS2 Implementation KIT

Ready to take action on NIS2 compliance?

Get the NIS2 Implementation KIT