NIS2 ↔ ISO27001 ↔ NDAA

Key differences in a nutshell

NIS2 is about what you are legally required to do if you operate in Europe and your business is essential enough that the state depends on it.

ISO 27001 is about how you prove you take security seriously. It often serves as a great foundation for meeting the requirements of NIS2.

The NDAA (especially Section 889) addresses whom you are not allowed to buy hardware from. This mainly concerns equipment from manufacturers such as Huawei, Hikvision, and Dahua. If you want to ship to the US or to companies there, you must not have these brands on your network.
