The Network and Information Security Directive is the European Union’s first law specifically focused on cybersecurity. It aims to improve the cybersecurity capabilities of the EU’s critical infrastructure by setting security and incident notification obligations across many types of organisations offering essential and digital services. This paper provides an overview of the security and incident notification obligations of the EU NIS Directive and outlines how a Security Operating Platform can help.