The NIS2 will provide the framework for cybersecurity risk management measures and reporting obligations in specified sectors, such as energy, transport, health, and digital infrastructure. Furthermore, the NIS2 seeks to harmonise cybersecurity requirements and the implementation of cybersecurity measures in each member state. To this end, the directive establishes minimum rules for the regulatory environment and mechanisms for effective cooperation between the competent authorities in the member states. NIS2 also extends the list of sectors and activities subject to cybersecurity obligations and provides for remedies and sanctions to safeguard implementation. Compared to the previous NIS Directive, the new rules of NIS2 officially establish the European Cyber Crisis Liaison Organisation Network (EU-CyCLONe), which will provide for coordinated management of large-scale cyber security incidents and crises.
Key points of the NIS2 Directive
- Extended personal scope of the NIS2 Directive
The provisions of the NIS2 applies to all entities that provide services or carry out activities in the EU matching the description of either an “essential” or an “important” entity in a…
