The exact impact of the NIS2 Directive on SMEs may vary depending on the sector and specific requirements that apply to them. However, in general, it is expected that SMEs will need to invest in cybersecurity measures to comply with the NIS2 Directive and ensure the protection of their data and systems. The current NIS2 proposal leaves Member States the discretion to define which SMEs are essential or important to their respective economy and society, thereby leading to a high level of legal ambiguity for the SMEs operating across multiple Member States.