The Commission welcomes the political agreement reached today between the European Parliament and EU Member States on the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive) proposed by the Commission in December 2020.
The existing rules on the security of network and information systems (NIS Directive) were the first piece of EU-wide legislation on cybersecurity and paved the way for a significant change in mind-set and in the institutional and regulatory approach to cybersecurity in many Member States. In spite of their notable achievements and positive impact, they had to be updated because of the increasing degree of digitalisation and interconnectedness of our society and the rising number of malicious cyber activities at global level.
To respond to this increased exposure of Europe to cyber threats, the NIS 2 Directive now covers medium and large entities from more sectors that are critical for the economy and society, including providers of public electronic communications services, digital services, waste water and waste management, manufacturing of critical products, postal and courier services and public administration, both at central and regional level. It also covers more broadly the healthcare sector, for example by including medical device manufacturers, given the increasing security threats that arose during the COVID-19 pandemic. The expansion of the scope covered by the new rules, by effectively obliging more entities and sectors to take cybersecurity risk management measures, will help increase the level of cybersecurity in Europe in the medium and longer term.
The NIS 2 Directive also strengthens cybersecurity requirements imposed on the companies, addresses security of supply chains and supplier relationships and introduces accountability of top management for non-compliance with the cybersecurity obligations. It streamlines reporting obligations, introduces more stringent supervisory measures for national authorities, as well as stricter enforcement requirements, and aims at harmonising sanctions regimes across Member States. It will help increase information sharing and cooperation on cyber crisis management at a national and EU level.