The EU Directive 2022/2555 (better known as NIS2) has entered into force on 16 January 2023, replacing the EU Directive 2016/1148. It improves the existing cyber security status across the Union by:
- creating the European Cyber Crises Liaison Organisation Network (CyCLONe) as cyber crisis management structure
- increasing the level of harmonization regarding security requirements and reporting obligations
- encouraging EU Members States to introduce new areas of interest such as supply chain, vulnerability management, core internet and cyber hygiene in their national cybersecurity strategies
- covering a larger share of the economy and society by including more sectors which means that more entities are obliged to take measures in order to increase their level of cybersecurity.
NIS2 assigns to the European Union Agency for Cybersecurity (ENISA) a number of significant new tasks including:
- The development and maintenance of a European vulnerability registry
- The secretariat of CyCLONe
- The creation and maintenance of a registry for entities providing cross-border services e.g DNS service providers, TLD name registries, entities providing domain name registration services, cloud computing service providers and data centre service providers
- The publication of an annual report on the state of cybersecurity in the EU
Find the text of the NIS2 Directive here.