A directive known as NIS2 was enacted in the European Union (EU) in late 2022. It deals particularly with European critical infrastructures, enlarging their scope substantially from an older directive that only considered the energy and transport sectors as critical. The directive's focus is on cyber security of critical infrastructures, although together with other new EU laws it expands to other security domains as well. Given the importance of the directive and most of all the importance of critical infrastructures, the paper presents a systematic literature review on academic research addressing the NIS2 directive either explicitly or implicitly. According to the review, existing research has often framed and discussed the directive with the EU's other cyber security laws. In addition, existing research has often operated in numerous contextual areas, including industrial control systems, telecommunications, the energy and water sectors, and infrastructures for information sharing and situational awareness. Despite the large scope of existing research, the review reveals noteworthy research gaps and worthwhile topics to examine in further research.

翻译：一项名为NIS2的指令于2022年末在欧盟正式颁布。该指令特别针对欧洲关键基础设施，其适用范围较旧版指令（仅将能源和交通部门视为关键领域）有了实质性扩展。尽管该指令与其他欧盟新法规共同扩展至其他安全领域，但其核心仍聚焦于关键基础设施的网络安全。鉴于该指令的重要性，尤其是关键基础设施的战略意义，本文对明确或隐含涉及NIS2指令的学术研究进行了系统性文献综述。综述表明，现有研究常将本指令与欧盟其他网络安全法规置于同一框架中进行探讨。此外，现有研究广泛涉及工业控制系统、通信、能源与水务、信息共享与态势感知基础设施等多个情境领域。尽管现有研究范围广泛，本综述仍揭示了值得关注的研究空白及有待深入探索的重要议题。