EU NIS 2 Directive

What is the EU NIS 2 Directive?

The EU NIS 2 Directive, officially known as the Directive on measures for a high common level of cybersecurity across the Union, is a piece of legislation aimed at strengthening cybersecurity across the European Union. It entered into force on January 16, 2023, and EU member states have until October 17, 2024, to transpose it into national law.

Here are some critical aspects of the NIS 2 Directive:

  • Broader scope: Compared to the original NIS Directive, NIS 2 significantly expands the range of entities subject to its provisions. This includes essential operators in sectors like energy, transportation, and healthcare, as well as medium and large enterprises in sectors like waste management, postal services, and manufacturing.
  • Enhanced cybersecurity requirements: The directive imposes stricter cybersecurity risk management obligations on entities within its scope. These include implementing appropriate technical and organisational measures, conducting regular risk assessments and incident reporting, and having a dedicated cybersecurity response plan.
  • Increased oversight and enforcement: NIS 2 establishes a framework for more substantial supervision by national authorities, including the ability to conduct inspections, impose sanctions for breaches, and cooperate across borders.
  • New elements: The directive also introduces new elements, such as supply chain risk management, vulnerability disclosure requirements, and the obligation to use encryption for specific data types.

Overall, the EU NIS 2 Directive represents a significant step forward in improving cybersecurity across the European Union. By imposing stricter requirements and enhancing oversight, it aims to make EU entities more resilient against cyber threats and protect the digital single market.
