What is new about the NIS2 directive?
The Network and Information Security (NIS) Directive is the first piece of EU-wide legislation on cybersecurity; its aim is to achieve a high common level of cybersecurity across the Member States. To respond to the growing threats posed by digitalization and the surge in cyber-attacks, the Commission has submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonized sanctions across the EU.
By effectively obliging more entities and sectors to take measures, the proposed expansion of the scope covered by the NIS2 directive would help increase the level of cybersecurity in Europe in the longer term.
As a result of NIS2, the covered companies and organizations must meet particularly stringent obligations in two key areas: risk management and reporting to authorities. In addition, the authorities will have significantly strengthened supervisory powers.
Which industries does it cover?
The EU NIS2 directive applies to all basic service providers, including: Healthcare, Water Supply, Transport, Energy, Banking & Financial Market Infrastructure, Digital Service Providers, Digital Infrastructure, Wastewater & Waste Management, Food, Public Administration, Space, Postal and Courier Services, Manufacturing of Critical Products (Pharmaceuticals, Medical Devices, Chemicals).