Exploring NIS2 Compliance in the Energy Sector Using AI-Driven Cyber Threat Intelligence
DOI:
https://doi.org/10.34190/iccws.21.1.4482
Keywords:
NIS2 Compliance, Critical energy infrastructure, AI-driven anomaly Detection, Cyber threat intelligence automation, Operational cyber defence
Abstract
The NIS2 Directive introduces stricter requirements for how essential entities, including energy-sector operators, must manage cybersecurity risks and report incidents. In practice, many organisations face difficulties in transforming these legal obligations into concrete, daily security operations, especially in operational technology (OT) environments where visibility, logging, and coordinated responses are often limited. This paper examines how SecureAI, an AI-based anomaly detection and enrichment tool within the Cyber Threat Intelligence (CTI) ecosystem, can help energy operators meet key NIS2 obligations. The study is based on a qualitative desk-research approach, a comparative mapping of SecureAI capabilities against NIS2 Articles 20-26, and a realistic OT case scenario based on recent intrusion patterns. Prior research shows that AI can detect industrial anomalies faster and more accurately than rule-based systems, and that automated CTI processing can turn raw alerts into structured and shareable intelligence. At the same time, NIS2 requires accountable use of such tools, meaning that human oversight, transparency of analysis, and reliable evidence generation must be part of AI-supported workflows. These requirements guided the assessment. The analysis shows that SecureAI supports several key NIS2-related tasks. It identifies unusual behaviour in network and host telemetry, enriches findings with asset information and event relationships, and produces structured alert objects that support operator decision-making. The CTI Framework then converts these enriched alerts into STIX/TAXII objects suitable for reporting, documentation, and intelligence exchange. The case scenario (an unauthorised remote-access intrusion followed by suspicious HMI-PLC activity) demonstrates how SecureAI can highlight the anomaly, provide context for understanding its impact, and supply material for reporting and further investigation.
License
Copyright (c) 2026 Jani Siivola, Rami Paronen, Uzair Tariq, Quyet Pham, Warren Villegas, Ilkka Tikanmäki, Jyri Rajamäki

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.