New rules to boost cybersecurity of EU’s critical entities and networks
The Commission has adopted today the first implementing rules on cybersecurity of critical entities and networks under the Directive on measures for high common level of cybersecurity across the Union (NIS2 Directive). This implementing act details cybersecurity risk management measures as well as the cases in which an incident should be considered significant and companies providing digital infrastructures and services should report it to national authorities. This is another major step in boosting the cyber resilience of Europe’s critical digital infrastructure.
Margrethe Vestager, Executive Vice-President for Europe fit for the digital age said: “Cybersecurity is one of the main building blocks for the protection of our citizens and our infrastructure. In today’s cybersecurity landscape, stepping up our capabilities, security requirements and rapid information sharing with up-to-date rules is of paramount importance. I urge the remaining Member States to implement these rules at national level as fast as possible to ensure that the services which are critical for our societies and economies are cyber secure.”
Today’s adoption of the implementing regulation coincides with the deadline for Member States to transpose the NIS2 Directive into national law. As of tomorrow, 18 October 2024, all Member States must apply the measures necessary to comply with the NIS2 cybersecurity rules, including supervisory and enforcement measures.