The EU NIS 2 Directive, formally known as Directive (EU) 2022/2555, establishes a unified legal framework to enhance cybersecurity across the European Union by setting stricter and more comprehensive requirements for network and information systems security. It replaces the original NIS Directive from 2016 and significantly expands its scope to cover a wider range of sectors—18 critical sectors including energy, transport, healthcare, finance, digital infrastructure, public administration, manufacturing of critical products, and new areas such as wastewater management and social platforms. The directive mandates that medium and large entities in these sectors implement risk management measures, report significant cybersecurity incidents, and comply with enhanced supervision and enforcement mechanisms. It also requires Member States to develop national cybersecurity strategies, improve cross-border cooperation, and ensure supply chain security and vulnerability management. NIS 2 introduces a classification of entities as “essential” or “important” based on sector and size, with corresponding obligations and stricter penalties. The directive aims to raise the overall EU cybersecurity level, addressing the growing threat landscape and fostering a more resilient digital single market.
Publication's URL
URL: https://eur-lex.europa.eu/eli/dir/2022/2555/oj/eng
Publication's scorecard
Country: EU
Scope: Cyber
Typology: Regulation
Publication's date: November 28, 2022
Category: Cyber Resilience
Sector: Cross-Sector