The European Parliament and Council dropped an early Christmas present on all stakeholders in the digital environment and critical infrastructure that may feel to some like a bit of coal in the stocking, as it will require significant new investments and efforts.
On 14 December 2022 the EU’s Official Journal published the new EU Directive 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2) – this will take effect on 17 January 2023 (and also repeals the prior NIS Directive 2016/1148). Like the previous NIS Directive, the aim of NIS2 is to ensure a high common level of cybersecurity across the European Union (EU), but it broadens the scope to additional relevant sectors and introduces new obligations, forming part of a wider EU effort to strengthen the resilience of European infrastructure, including the draft Cyber Resilience Act (CRA) and the EU Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) (see our respective alert here). This trend does not only manifest in Europe but we see various cybersecurity regulation efforts around the world, for instance in the US, China and Australia.
Especially…
