![]() NIS2 establishes “the application of the size-cap rule, whereby all medium and large enterprises, as defined by Commission Recommendation 2003/361/EC, that operate within the sectors or provide the type of services covered by this Directive, fall within its scope”. ![]() NIS2 also introduces fines for failure to comply, including suspension of certification and personal liability to managerial positions, in line with national laws.įinally, the directive establishes the European Cyber Crises Liaison Organization Network, EU-C圜LONe, to enable cooperation between national agencies and authorities in charge of cybersecurity, and each Member State will also be required to clearly identify a single point of contact to report cyber incidents. In case of a cyber incident, these entities will also be required to submit an initial notification within 24 hours and more detailed information within 72 hours. Whilst new obligations are brought in for those in other “critical” sectors such as manufacturing, food, chemicals, waste management, postal and courier services.Įnterprises classed as “High Criticality” will be required to take both technical and operational measures to comply with NIS2, including incident response, supply chain security, encryption and vulnerability disclosure, adequate risk analysis, testing and auditing of cybersecurity strategies, and crisis management planning in view to ensure business continuity. NIS2 introduces a broader scope of action, impacting more entities in “high criticality” sectors, both the public and private sectors, such as energy, transport, banking, water and waste water, among other critical infrastructure. The directive now approved replaces the NIS directive introduced in 2016 as the first-ever EU-wide legislation on cybersecurity. ![]() The new legislation comes as a response to the growing dependency of critical sectors on digitalization and their higher exposure to cyber threats. ESET welcomes the decision of EU legislators to adopt the second Network and Information Security Directive ( NIS2) aimed at strengthening cyber resilience across the Union. ![]()
0 Comments
Leave a Reply. |