In order to strengthen the EU’s public and private sectors’ resilience and incident response capabilities, the Council adopted legislation mandating a uniformly high level of cybersecurity across the Union.
The NIS2 directive will replace the existing directive on network and information system (NIS) security.
There is no doubt that cybersecurity will continue to be a major challenge in the coming years. The stakes are extraordinarily high for our economies and our citizens. Today, we took another step toward enhancing our capacity to combat this threat, according to Ivan Bartoš, Czech Deputy Prime Minister for Digitalization and Minister of Regional Development.
As a result of NIS2, all sectors covered by the directive, such as energy, transportation, health, and digital infrastructure, will have a standard for managing cybersecurity risk and meeting reporting requirements.
The revised directive aims to standardize the implementation of cybersecurity measures across all EU member states and the requirements for their implementation. To achieve this, it establishes the basic rules for a regulatory framework and specifies how authorities from member states can collaborate effectively. It modifies the industries and activities required to comply with cybersecurity regulations and adds enforcement mechanisms, such as remedies and sanctions.
As part of the directive, the European Cyber Crises Liaison Organisation Network (EU-CyCLONe) will be formally established to aid in the coordinated management of major cyber incidents and crises.
The directive will go into effect 20 days after it is published in the EU’s official journal.