The European Commission has officially adopted its first set of implementing rules under the NIS2 Directive, marking a significant step in enhancing the cybersecurity of critical entities and networks across the European Union.
The NIS2 Directive, aimed at achieving a high standard of cybersecurity throughout the Union, outlines specific measures for managing cybersecurity risks.
Additionally, it sets out clear criteria for identifying and reporting significant cyber incidents to national authorities, strengthening Europe’s cyber resilience.
Margrethe Vestager, Executive Vice-President for Europe Fit for the Digital Age, commented: “Cybersecurity is one of the main building blocks for the protection of our citizens and our infrastructure.
“In today’s cybersecurity landscape, stepping up our capabilities, security requirements, and rapid information sharing with up-to-date rules is of paramount importance.
“I urge the remaining Member States to implement these rules at a national level as fast as possible to ensure that the services which are critical for our societies and economies are cyber secure.”
New rules apply to key digital service providers
The new cybersecurity regulations target essential categories of companies that provide vital digital services, such as cloud computing, data centres, online marketplaces, search engines, and social networking platforms.
The implementing act also provides a framework to determine when a cyber incident should be deemed ‘significant.’ Companies in these sectors must report such incidents to national authorities, enabling swift action to mitigate any potential harm.
The NIS2 Directive will be crucial in fortifying the cyber defences of these digital infrastructure providers, which play a critical role in the functioning of Europe’s digital economy.
The regulation will ensure that these companies implement adequate risk management measures to safeguard their systems and the sensitive data they handle.
NIS2 Directive to be enforced across all EU Member States
The adoption of these regulations coincides with the deadline for EU Member States to transpose the NIS2 Directive into their national laws.
As of 18 October 2024, all Member States are required to apply the cybersecurity measures outlined in the directive. This includes stringent supervisory and enforcement measures to ensure compliance, marking a new era in EU-wide cybersecurity governance.
Building on previous policy
The NIS2 Directive, which replaced the original 2016 NIS Directive, represents a key element in the EU’s strategy to secure its digital future.
The official rules are due to be published soon, and the implementing regulation will take effect 20 days after publication, providing a more robust legal framework to tackle cyber threats.
By strengthening security requirements, enhancing information sharing, and harmonising sanctions across Member States, the NIS2 Directive aims to create a safer digital landscape for the entire Union.