What Does NIS2 Mean For Your Organisation?

The Network and Information Security 2 directive, or NIS2 directive, is new European legislation designed to make European organisations more resilient to cyber threats. It also aims to improve cooperation on cybersecurity throughout the EU. The directive will apply to more than 160,000 organisations in Europe.

Member States must integrate NIS2 into their national laws by the 17th of October 2024. The NIS2 directive prescribes a set of minimum security requirements. Member States may be stricter when translating the directive into national laws.

Organisations will be expected to comply with NIS2 from the 18th of October 2024. The consequences of non-compliance are more serious for essential entities than for important entities. The EU has emphasised that it will take enforcement of NIS2 more seriously than that of the current NIS directive.

NIS2 introduces management liability, making upper-level management of companies accountable for non-compliance with cybersecurity obligations. The responsibility for cybersecurity measures has shifted to the highest level of organisations. This is a major change compared to the original NIS directive.

Source: Secura