What is NIS2?
The Evolution of EU Cybersecurity Legislation: From NIS to NIS2 Directive
The ‘Network and Information Systems’ Directive (NIS) was the first piece of EU-wide cybersecurity legislation aimed at harmonizing security requirements and encouraging cooperation. The safety and security of network and information systems are crucial for the European Commission in realizing an internal digital market.
To respond to the growing threats posed by digitalization and the surge in cyber-attacks, the European Commission proposed its successor, the NIS2 Directive. NIS2 extends the scope of the original directive, requiring many more EU businesses to comply with due diligence obligations from a cybersecurity perspective. These obligations include taking sufficient cybersecurity measures and notifying incidents with significant effects in a timely manner.
EU member states must incorporate the provisions of NIS2 into their national legislation by October 17th, 2024.
Some NIS2 requirements
Risk Management
NIS2 introduces new requirements for risk management, including incident management, supply chain security, and enhanced network security.
Corporate Accountability
The directive mandates that corporate management oversee and approve cybersecurity measures, with potential penalties for non-compliance.
Reporting Obligations
Specific notification deadlines are now required, such as an early warning within 24 hours of becoming aware of a significant incident.
Business Continuity
Organizations must have plans for ensuring business continuity during and after major cyber incidents.