Blog
Topic
All
AIoT
SMB Solutions
Products and technologies
Industries
All
Retail
Traffic
Education
Logistics
Banking
Building
Energy
Manufacturing
Sports
Sustainability
Sustainability
Business trends
Business trends
Cybersecurity
Cybersecurity
Partner and customer experience
Deep learning
Thermal
AI
Events
Alarm
Access control
Video Intercom
Security Operations
Trends
Solution
LED
Software
Resources and events
IFPD
WonderHub
Virtual Production
Hikvision eLearning
Search blog
Blog
Filter
Cancel
Topic
All
AIoT
SMB Solutions
Products and technologies
Industries
All
Retail
Traffic
Education
Logistics
Banking
Building
Energy
Manufacturing
Sports
Sustainability
Sustainability
Business trends
Business trends
Cybersecurity
Cybersecurity
Partner and customer experience
Deep learning
Thermal
AI
Events
Alarm
Access control
Video Intercom
Security Operations
Trends
Solution
LED
Software
Resources and events
IFPD
WonderHub
Virtual Production
Hikvision eLearning
Reset
Submit

What You Need to Know About NIS2, AI Act and CRA

In today’s rapidly evolving regulatory landscape, businesses face increasing cybersecurity obligations under a growing number of laws and regulations. These often-overlapping frameworks can easily create confusion, especially regarding requirements, timelines and their application to the security technologies you rely on.

 

To help our partners and customers navigate this complexity, we’ve compiled a clear overview of three key EU regulations shaping the future of cybersecurity and product compliance: the NIS2 Directive, the AI Act and the Cyber Resilience Act (CRA).

 

Below, you’ll find a summary of each regulation, what’s changing, and how Hikvision is responding to ensure our products meet the highest security, transparency and compliance standards.

 

 

What is the NIS2 Directive?

 

The NIS2 Directive strengthens the EU’s cybersecurity framework, replacing and building upon the 2016 NIS Directive (NIS1). Its primary goal is to strengthen collective cybersecurity across EU Member States in response to increased cyber threats. The Directive focuses on enhancing cybersecurity enforcement, fostering cooperation among cybersecurity authorities, securing supply chains, and clearer incident reporting processes.

 

It applies to all companies, suppliers, and organizations, including non-EU entities, delivering essential or important services in the EU, such as operators in energy, transport, healthcare, digital infrastructure, public administration, as well as key digital services and manufacturers of critical products.

 

NIS2’s transposition into national law, due by October 2024, remains ongoing, and its practical implementation may vary across EU Member States. Operating and providing service throughout Europe from headquarters in the Netherlands, Hikvision will ensure strict adherence to all the legal requirements set forth by Dutch authorities and promptly complete the necessary registration procedures once the NIS2 Directive is formally implemented.

 

It is also important to note that NIS2 does not currently include an official certification scheme, and there is no “NIS2-compliant” product label.

 

Hikvision’s Approach

 

Hikvision goes beyond regulatory compliance and we adhere to internationally recognized cybersecurity standards, including ISO 27001, ISO 27701 and CSA STAR, ETSI EN 303645, Common Criteria (CC) and Cybersecurity Labeling Scheme (CLS).

 

Recently, Hikvision has also achieved IEC 62443-4, a standard for industrial network security, which supports secure product development practices that align with NIS2 requirements for risk management, cybersecurity by design and ensuring that products are secure throughout their lifecycle.

 

To support industry understanding, we’ve released an updated Guide to the NIS2 Directive  with insights into the main changes and requirements introduced by this regulatory framework.

 

What is the AI Act?

 

The EU AI Act is the world’s first comprehensive law regulating the development and use of Artificial Intelligence (AI). It is part of a broader framework designed to manage risks while promoting trustworthy AI. The legislation categorizes risk into four distinct levels with regulatory requirements increasing by level: Unacceptable Risk (prohibited), High Risk (subject to strict obligations), Limited Risk (transparency requirements) and Minimal Risk (mostly unregulated).

 

The AI Act took effect on August 1, 2024, but its implementation is gradual. Prohibitions for unacceptable risks have been in force since February 2, 2025 while the requirements for High-Risk AI systems are expected to come into effect on August 2, 2027.

 

In light of the EU’s ongoing focus on strengthening competitiveness, legislative efforts are underway to simplify parts of its technology regulation. This includes discussions on the AI Act, with some Member States and companies calling to pause the implementation timeline. Hikvision is monitoring these developments closely to ensure compliance with the evolving EU regulatory framework.

 

Hikvision’s Approach

 

Hikvision is continuously enhancing its compliance measures, grounded in the principle of “Tech for Good”, leveraging technology to improve societal well-being.

 

Hikvision is firmly committed to not developing any products that would be utilized for AI practices falling under the ‘Unacceptable Risk’ category, which are prohibited by the EU AI Act. We also require our clients and end-users to respect the same principles and refrain from applying Hikvision’s products in violation of the AI Act.

 

Hikvision is also actively reviewing its AI products and closely monitoring the upcoming technical requirements and compliance pathways, including High-Risk AI system certification processes.

 

 

What is the Cyber Resilience Act (CRA)?

 

The CRA introduces mandatory cybersecurity rules for all digital products sold in the EU – including video surveillance cameras, software and connected systems. The regulation focuses on:

  • Embedding security throughout the product lifecycle
  • Ensuring timely vulnerability reporting and incident handling
  • Improving transparency and trust for end-users

 

The CRA also establishes rules and conditions for affixing the CE marking, indicating a product’s conformity assessment and compliance with the regulation's cybersecurity requirements.

 

While the CRA is already in force, key operational requirements apply gradually, starting with manufacturers’ reporting obligations concerning actively exploited vulnerabilities applying from September 2026, with full application by the end of 2027.

 

Hikvision’s Approach

 

At Hikvision, we welcome this regulation and fully support its mission. We have actively contributed to the EU’s public consultation on the CRA and the corresponding consultation on the technical description, providing insights based on our expertise and experience to help shape realistic, effective and implementable cybersecurity requirements, to protect end-users.

 

We adhere to rigorous global standards and certifications and have taken additional steps, including:

  • Secure-by-Design development: We integrated security into every stage of the product lifecycle, including architecture design, vulnerability scanning and penetration testing.
  • Responsible vulnerability management: Hikvision is a CVE Numbering Authority, and we ensure that vulnerabilities are patched quickly, transparently disclosed and communicated to partners and users.
  • Customer-focused security support: We provide clear documentation, best-practice guides and security update notifications to help users configure and operate systems securely.
  • Lifecycle protection: Our products are supported with regular security updates and ongoing testing throughout their operational life.

For more details, please visit our Cybersecurity Webpage

 

Download

Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.

Contact Us
Hik-Partner Pro close
Hik-Partner Pro
Security Business Assistant. At Your Fingertips. Learn more
Hik-Partner Pro
Scan and download the app
Hik-Partner Pro
Hik-Partner Pro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.