The NIS2 Directive is an EU-wide legislation on cybersecurity which updates the existing 2016 NIS Directive. This Directive will provide legal measures to boost the overall level of cybersecurity in the EU, by modernising the existing legal framework to keep up with regulations in an increasingly digitised world and an evolving cybersecurity threat landscape.
Expanding the scope of the cybersecurity rules to new sectors and entities, the Directive will further improve the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.
Elements of the Directive that directors should be aware of include:
- Strengthens the culture of security across sectors that are vital for our economy and society, particularly those that rely heavily on ICT. These sectors include energy, transport, water, banking, healthcare and digital infrastructure. For financial market infrastructures, the Digital Operational Resilience Act (DORA) will take priority;
- Ensures businesses identified by the Member States as operators of essential services in the above sectors take appropriate security measures and notify relevant national authorities of serious incidents;
- Increases responsibility for boards and management bodies of organisations;
- Introduces risk management measures; and
- Requires key digital service providers, such as search engines, cloud computing providers and online marketplaces, to comply with the security and notification requirements of the Directive.
National Cyber Security Centre (NCSC)
More resources on the NIS2 Directive can be found on the National Cyber Security Centre (NCSC) website.