ilya-pavlov-OqtafYT5kTw-unsplash

Newsletter

Agreement reached on NIS 2 Directive

First proposed in December 2020, negotiations conclude on this key text.

philipp-katzenberger-iIJrUoeRoCQ-unsplash

The growing threat of cyber threats evident throughout Europe calls for a harmonised approach to security. With new developments in the technologies we use and threats we face, legislation must be updated to adapt to modern standards.

An update to the 2016 directive, the second Directive on Network and Information Security (NIS 2) was first proposed by the European Commission in December 2020. Expanded to include crisis management and incident responses, the new directive includes provisions to regulate the effective use of encryption, security testing and management and disclosure of weaknesses. Under the new directive, organisations must report cybersecurity incidents to relevant authorities within 24 hours. Crucially, the text will guarantee security throughout supply chains, introducing accountability of top management for non-compliance with cybersecurity obligations.

NIS 2 is part of a wider European digital strategy, which has seen a number of new legislative initiatives presented, including the Digital Services Act, Digital Market Act and Artificial Intelligence Act. Within this swell of legislation, NIS 2 focuses on modernising security of critical services, and will be linked to the upcoming Cyber Resilience Act.

Covering new sectors such as energy, transport, financial markets, health and digital infrastructure, the directive will strengthen security requirements by imposing a risk management approach and demanding surveillance measures for national authorities. In addition, the text includes enforcement requirements and aims to harmonize sanctioning regimes across EU member states while helping to increase information sharing and cooperation on cyber crisis management at a national and EU level.

Eurocadres welcomes the adoption of NIS 2, with the move providing robust infrastructure in the protection of companies and citizens against a growing number of cyber threats. As our digital transition progresses, it will be important that revisions of existing directives take place in consultation with social partners and workers.