The revised EU directive on the security of network and information systems (NIS2) repeals and replaces the existing NIS Directive. The NIS Directive, adopted in 2016, was the first EU-wide cybersecurity law.
The principal objective of the NIS2 Directive is to increase the level of cyber resilience across the EU. It does so by requiring all entities in the EU, which provide critical services to the economy and society as a whole, to take appropriate cybersecurity measures.
Cullen International released a series of reports on the different aspects of the revised NIS2 directive.
NEW: Benchmark on the transposition status of EU NIS2 Directive
Cullen International is tracking and comparing the progress made by the 27 EU member states in transposing the Revised Directive on the Security of Network and Information Systems (NIS2).
EU member states have until 17 October 2024 to transpose the NIS2, which replaces the existing NIS Directive.
Status December 2023: Among the countries surveyed, 11 moved forward with the transposition of the NIS2 Directive but only Hungary transposed the directive into national law.
All you need to know about the new NIS2 Directive – Part 1: Scope
The revised directive classifies the entities covered into those which are considered essential and those which are important. As a rule, all medium and large size entities will have to comply with the NIS2 security risk management and reporting rules. However, the directive will adjust the classification as being either essential or important depending on the size of the entity.
The first of five reports covers the objectives and scope of the revised directive and explains the applicable rules to classify entities as either essential or important.
The revised EU directive on the security of network and information systems (NIS2) sets baseline security risk management measures for all the entities operating across the sectors falling within its scope. The directive applies an “all-hazard” approach, thus the risk management measures should also address physical and environmental security (e.g. natural disasters, system failures).
Our second of five reports provides an analysis of the common security risk management and reporting requirements, which apply to all essential and important entities covered by the revised directive.
The revised EU directive on the security of network and information systems (NIS2) imposes on critical entities (e.g. cloud providers, data centres, social media platforms) common security risk management and reporting requirements. Importantly, the NIS2 will also regulate the security of telecoms operators when providing both telecoms related services (e.g. mobile services) and non-telecoms services (e.g. cloud).
Our third of five reports covers certain security obligations which apply specifically to the telecoms, ICT supply chain and digital sectors.
All you need to know about the new NIS2 Directive –
Part 4: Supervision and jurisdiction
The revised EU directive on the security of network and information systems (NIS2) subjects essential and important entities to the same security risk management and reporting requirements. However, they differ based on supervision.
Our fourth of five reports outlines the supervisory and enforcement framework laid down by the NIS2 directive.
Our last of five reports outlines the main requirements at EU level and for EU member states that are set out in the revised directive on the security of network and information systems (NIS2).
Whereas the EU cybersecurity agency (ENISA) will have increased responsibilities, member states will have to establish national policies on large-scale cybersecurity incidents and on coordinated vulnerability disclosure.
To request one of our NIS2 reports and/or a demo of our Digital Economy intelligence,
please just complete the below form.
(Note: Our services are predominantly designed for the use of government entities, regulators, communications service providers or manufacturers. We reserve the right to offer access to our research only to selected organisations. Feel free to contact us if you have any question regarding your eligibility for free extracts or a demo. )