The European Commission has released a draft of the NIS2 Directive, seeking feedback from stakeholders on proposed cybersecurity measures aimed at strengthening the EU’s resilience against cyber threats. This initiative is part of the EU’s broader strategy to enhance cybersecurity across member states.
Key Provisions of NIS2
The NIS2 Directive includes several key provisions designed to improve cybersecurity:
- Expanded Scope: Broadening the scope of the directive to include more sectors and types of entities, such as public administrations and critical infrastructure.
- Incident Reporting: Mandating timely reporting of significant cybersecurity incidents to national authorities, enhancing transparency and response capabilities.
- Risk Management: Requiring organizations to implement comprehensive risk management practices, including regular risk assessments and mitigation measures.
- Supply Chain Security: Emphasizing the importance of securing the supply chain and requiring entities to assess and manage risks related to third-party suppliers.
- Penalties: Introducing stricter penalties for non-compliance, incentivizing organizations to adhere to cybersecurity standards.
Stakeholder Feedback
The European Commission is seeking feedback from a wide range of stakeholders, including businesses, cybersecurity experts, and public authorities. This feedback will be used to refine the draft measures and ensure they are effective and practical.
Implications for Businesses
Businesses operating in the EU will need to prepare for the new requirements under NIS2. This includes reviewing and updating their cybersecurity practices, enhancing incident response capabilities, and ensuring compliance with reporting obligations.
Source of the news: National Law Review