
The EU’s new NIS2 Directive on Cybersecurity

Article by Tsaaro


Citing the increasing degree of digitization and interconnectedness in society, the European Commission noted concern over the rising number of malicious activities at the global level and decided to update the 2016 NIS Directive (Directive (EU) 2016/1148). As a follow-up to the directive proposed in December 2020, the European Parliament and EU member states reached a political agreement on a directive for a high common level of cybersecurity across the Union (the Network and Information Systems 2 Directive, i.e., the NIS2 Directive). The new directive aims at improving the cybersecurity and resilience of both public and private sector entities in the European Union.

As part of a series of measures to control the ill effects of the digital revolution, the European Commission recently proposed a plan to “detect, report, block, and remove” child sexual abuse images and videos from online service providers, including messaging apps, an action that prompted concerns that it may undermine end-to-end encryption (E2EE) protections. In a similar vein, the draft version of NIS2 explicitly spells out that the use of E2EE “should be reconciled with the Member States’ powers to ensure the protection of their essential security interests and public security and to permit the investigation, and detection and prosecution of criminal offences in compliance with Union law.”

THE ISSUE WITH NIS DIRECTIVE

The scope of implementation left to the member states led to fragmentation across states. The reasons for such fragmentation include the unclear delimitation of the NIS Directive’s scope of application, security and incident reporting obligations, and the supervision and enforcement requirements.

NETWORK AND INFORMATION SYSTEM 2

Scope:

With a significant increase in the number of entities covered, the NIS2 obliges more sectors to take technical and organisational measures to manage risks posed to the security of networks and information systems. Where the NIS Directive included operators of essential services and digital service providers in its scope of application, the NIS 2 Directive proposes to replace these with two new categories of entities.

The NIS2 now includes:

    • Annex I: ‘Essential sectors’ covered by the new security provisions include: health, energy, transport, banking, digital infrastructure, public administration and space sectors.
    • Annex II: ‘Important sectors’ include: entities manufacturing medical devices, postal services, waste management, food production and processing and digital providers.

Public and Private:

Article 2 of the NIS 2 Directive establishes that the directive applies to certain public and private ‘essential entities’ operating in the sectors listed in Annex I of the Directive (energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, and space) and to certain ‘important entities’ operating in the sectors listed in Annex II of the NIS 2 Directive (postal and courier services, waste management, manufacture, production, and distribution of chemicals, food production, processing, and distribution, manufacturing, and digital providers). In addition, a size-cap rule is introduced, according to which all medium and large entities, as defined by Commission Recommendation 2003/361/EC of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises, operating in the above-mentioned sectors, would automatically fall within the NIS 2 Directive’s scope of application (Recital 8 of the NIS 2 Directive).

Flagging & Into Effect:

The revamped legislation requires the flagging of cyber security incidents within 24 hours of the reporting, failing which monetary penalties can be imposed. Also, as per the agreement, the European Union member states are mandated to incorporate the provisions into their national law within a period of 21 months from when the directive goes into force.

Note: For the adoption of the NIS2 Directive, both the Parliament and the Council, as co-legislators, will need to agree on the final text.
