There is a theory that there is a Brussels effect, which is similar to a butterfly effect but for regulation and law-making.
The butterfly is Brussels – and whatever happens in Brussels ends up happening outside of Brussels. This has been the case for NIS, which comes from the Directive on Security of Network and Information Systems across the EU.
The NIS Directive set in place legal measures to increase the level of cybersecurity in the EU, focusing on protecting critical infrastructure. But that was back in 2016. The NIS needed to be updated and clarified, as well as enlarged in terms of scope and the sectors covered.
Increased digitalisation and higher interconnectedness meant the original NIS Directive did not adequately reflect the digitalised sectors providing critical services to the economy and society as a whole.
The update came on 18 October this year.
ENTER NIS2
NIS2 will apply automatically to all organisations identified as operators of critical infrastructure, which under NIS2 become essential entities. Enterprises that are identified as operators of essential services (OES) or digital service providers (DSP) shall be the same in NIS2.
It is important to…
