Description
The NIS 2 Directive (adopted in December 2022, in force since January 2023) in brief.
The NIS2 Directive (Network and Information Systems Directive 2, Directive (EU) 2022/2555) is a European Union cybersecurity law. Its purpose is to secure network and information systems against attacks and data theft across the European Union.
NIS2 builds on the existing EU cybersecurity acquis, which includes the first EU cybersecurity law:
- NIS Directive (2016),
- Cybersecurity Act (2019),
- Regulation establishing the European Cybersecurity Competence Centre and Network (2021),
- Cyber Diplomacy Toolbox (2017).
The NIS 2 Directive repeals and replaces the first (2016) European cybersecurity law binding on EU Member States and on entities operating within the EU. It entered into force on January 16, 2023.
From that date, EU Member States had 21 months, until October 17, 2024, to transpose the provisions of the Directive into national law.
The new rules apply in all European Union countries from October 18, 2024.
The most important changes resulting from the NIS 2 Directive:
It distinguishes two types of entities:
- essential entities,
- important entities.
The sectors of high criticality are listed in Annex I to the Directive, and the other critical sectors in Annex II. Whether an entity is essential or important depends not only on its sector but also on its size: as a rule, large entities in Annex I sectors are essential entities, while medium-sized entities in Annex I sectors and entities in Annex II sectors are important entities, with specific exceptions (for example, certain digital infrastructure providers and public administration entities) set out in the Directive.
Sectors of high criticality (Annex I), whose entities are generally essential entities:
- energy,
- transport,
- banking,
- financial market infrastructure,
- health,
- drinking water,
- waste water,
- digital infrastructure,
- ICT service management (business-to-business),
- public administration,
- space.
Other critical sectors (Annex II), whose entities are generally important entities:
- postal and courier services,
- waste management,
- manufacture, production and distribution of chemicals,
- production, processing and distribution of food,
- manufacturing (in the broad sense),
- digital providers,
- research.
Entities covered by the NIS2 Directive face stricter requirements than before, in particular with regard to:
- cybersecurity risk management, including policies on risk analysis and information system security,
- incident handling, business continuity and supply chain security,
- vulnerability handling and disclosure, and the obligation to report significant incidents,
- regularly testing and assessing the effectiveness of cybersecurity measures,
- effective use of cryptography and encryption.
The Directive:
- sets out rules for incident reporting (an early warning within 24 hours of becoming aware of a significant incident, an incident notification within 72 hours, and a final report within one month),
- makes the management bodies of entities responsible for approving and overseeing cybersecurity risk management measures, and allows them to be held liable for infringements,
- introduces new mechanisms of cooperation by establishing the European cyber crisis liaison organisation network (EU-CyCLONe) for the coordinated management of large-scale cybersecurity incidents and crises,
- strengthens the role of the European Union Agency for Cybersecurity (ENISA).
In order to ensure that essential and important entities comply with the obligations set out in the Directive, competent authorities are provided with a number of instruments: supervisory and enforcement measures.
Supervision and enforcement measures, including penalties, in the NIS 2 Directive.
Examples at a glance:
- temporary suspension of a certification or authorisation concerning some or all of the services provided (for essential entities),
- a temporary ban on natural persons at management level exercising managerial functions (for essential entities),
- liability of natural persons in management positions for infringements,
- administrative fines (according to the provisions, they are to be effective, proportionate and dissuasive):
* for essential entities - a maximum of at least EUR 10,000,000 or 2% of the total worldwide annual turnover in the preceding financial year of the undertaking to which the entity belongs, whichever is higher,
* for important entities - a maximum of at least EUR 7,000,000 or 1.4% of the total worldwide annual turnover in the preceding financial year of the undertaking to which the entity belongs, whichever is higher.
30/04/2024
source: Ministry of Infrastructure, Cyberpolicy NASK, CyEn (Cybersecurity European Network)
---------------------------------
Keywords: NIS Directive, NIS, network and information security, cybersecurity, computer security incidents, CSIRT, CERT-EU, CERT Polska, CSIRT NASK, NASK, securing networks and information systems, securing networks against attacks, securing IT systems against attacks, scope of the NIS Directive, obligations under the NIS Directive, computer security incident response team, Cybersecurity European Network, CyEn