About
About the NIS 2 Directive
Full name: Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)
Type: Directive
Objective and key elements:
- Enhancing the preparedness of the Member States (cooperating among other Member states through a Computer Security Incident Response Team (CSIRT) and a competent national network and information systems (NIS) authority and EU-wide Cooperation Group)
- Requirements to form a culture of security across sectors that are vital for the EU economy and society and that rely heavily on ICTs, such as:
- energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure
- Operators of essential services (as appointed) in the above sectors will be obliged to take appropriate security measures and notify relevant national authorities of serious incidents
- Requirements for key digital service providers, such as search engines, cloud computing services and online marketplaces, to comply with the security and notification requirements under NIS 2
Relevant to: Operators of essential services, key digital service providers
Status: In force since 16 January 2023, to be implemented by the Member States by 17 October 2024
Related legislation: Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC (CER-directive)
(Last updated 7 March 2023)