The increasing digitalization of enterprises and public authorities has resulted in the growing importance of information technology in everyday operations. In this context, an information security management system (ISMS) has become an essential aspect for most organizations. The dependency on technology for almost every single process in an organization has put ISMS at the top of the corporate agenda of public sector organizations. For public organizations in particular, the NIS 2 Directive describes abstract requirements for the development of an ISMS. On the other hand, only a few public administrations operate an ISMS. In this context, this article analyses the requirements of the NIS-2 Directive and complements them with the obstacles...