The necessity to achieve elevated levels of IT security is becoming a priority for companies that are increasingly using digital technologies and are therefore exposed to the risk of attacks on their systems. To counter this emerging phenomenon, the European Union issued Directive (EU) 2022/2555 (NIS2), published on 27 December 2022. The document contains regulations and indicates strategies that, if applied, will increase the level of cybersecurity in all member states, making it the most important of all the regulations issued. The objective of this research is to analyse what we can define as the "main challenges" that NIS2 poses to organisations in order to adapt to the requirements placed upon them, and also to highlight the consequent impact at an organisational and operational level that such compliance entails.