About NIS2
The Network and Information Security 2 (NIS2) Directive is a comprehensive piece of cybersecurity legislation aimed at strengthening the security of network and information systems across the European Union.
Background
The NIS2 Directive builds upon the original NIS Directive, which was the first piece of EU-wide legislation on cybersecurity. NIS2 aims to address the limitations of its predecessor and respond to the evolving cyber threat landscape [^5].
Key Objectives
- Increase the level of cyber resilience across the EU [^5]
- Reduce inconsistencies in resilience across the internal market in sectors covered by the directive [^5]
- Improve the level of joint situational awareness and collective capability to prepare and respond to cybersecurity challenges [^5]
Key Changes from NIS1
- Expanded scope covering more sectors and entities [^4]
- Introduction of size caps for medium and large companies [^4]
- Stricter supervisory measures for national authorities [^4]
- More harmonized sanctions across the EU [^4]
- Enhanced cooperation and information sharing between Member States [^5]
Timeline
- December 2020: NIS2 proposal presented by the European Commission [^5]
- December 2022: NIS2 signed [^4]
- October 2024: Detailed requirements expected [^4]
- January 2025: NIS2 expected to come into effect [^4]
Impact on Organizations
NIS2 will have a significant impact on organizations across various sectors. It introduces:
- More stringent cybersecurity requirements
- New reporting obligations
- Increased accountability for top management
- Potential for significant fines for non-compliance
Organizations need to start preparing for NIS2 well in advance of its implementation to ensure compliance and improve their overall cybersecurity posture.