EU adopts NIS2 Directive to enhance cybersecurity and resilience


NIS2 will provide the framework for cybersecurity risk management measures and reporting obligations in specified sectors, such as energy, transport, health, and digital infrastructure. Furthermore, NIS2 seeks to harmonise cybersecurity requirements and the implementation of cybersecurity measures in each member state. To this end, the directive establishes minimum rules for the regulatory environment and mechanisms for effective cooperation between the competent authorities in the member states. NIS2 also extends the list of sectors and activities subject to cybersecurity obligations and provides for remedies and sanctions to safeguard implementation. Compared to the previous NIS Directive, the new rules of NIS2 officially establish the European Cyber Crisis Liaison Organisation Network (EU-CyCLONe), which will provide for coordinated management of large-scale cybersecurity incidents and crises.

Key points of the NIS2 Directive

  • Extended personal scope of the NIS2 Directive
  • Reporting obligations
  • Requiring additional risk management and cybersecurity measures
  • The additional responsibility of management
  • Stricter supervision rules
  • Registration obligations
  • Strengthened European cooperation

Next steps

The NIS2 Directive was published on 27 December 2022 and will enter into force on 16 January 2023. EU member states have until 17 October 2024 to adopt and publish the provisions necessary to comply with the Directive.

For more information on the new NIS2 Directive, contact your CMS client partner and local CMS experts.

Article co-authored by Daniella Huszár