In May 2018, the EU Network Information Security Directive (NISD) came into force. Over the past 12 months, regulators and competent authorities have been working with industry to determine a common security baseline in the critical national infrastructure and digital services sectors. This report examines the current state of NISD preparedness across Europe and gives CISOs advice to get your organization ready by using existing security capabilities and investments.