EU Parliament Publishes Comprehensive Briefing on NIS2 Directive: Strengthening Cybersecurity Across Member States

The European Parliament has released an extensive briefing on the Network and Information Security (NIS) Directive's successor, the NIS2 Directive. The briefing, published on August 2nd, outlines the key provisions and objectives of the NIS2 Directive, marking a crucial step in fortifying the EU's cybersecurity framework.

The NIS Directive, introduced as the first-ever EU-wide legislation on cybersecurity, aimed to establish a high common level of cybersecurity standards across all Member States. Despite its intent to bolster cybersecurity capabilities, the implementation of the NIS Directive encountered challenges, resulting in fragmentation across the internal market. To address evolving digital threats and the escalating frequency of cyberattacks, the European Commission submitted a proposal to replace the NIS Directive with the NIS2 Directive.

The NIS2 Directive seeks to build upon the foundations laid by its predecessor by introducing a range of enhancements. Notably, it strives to strengthen security requirements, address security concerns within supply chains, streamline reporting obligations, and introduce more rigorous supervisory measures and enforcement requirements. One of the pivotal changes is the introduction of harmonized sanctions throughout the EU, ensuring consistent consequences for cybersecurity breaches.

The scope of the NIS2 Directive is poised to expand significantly, with a broader range of entities and sectors being obligated to adopt cybersecurity measures. This expansion is projected to contribute to an elevated level of cybersecurity across Europe in the long term, fostering a more resilient digital landscape.

Within the European Parliament, the responsibility for the NIS2 Directive was assigned to the Committee on Industry, Research and Energy. Following meticulous deliberations, the committee approved its report on October 28, 2021, setting the stage for further discussions. Subsequently, the Council concurred with its position on December 3, 2021, signifying a consensus on the way forward.

After a series of negotiations and consultations, the co-legislators reached a provisional agreement on the text of the NIS2 Directive on May 13, 2022. This landmark political accord was officially endorsed by both the European Parliament and the Council in November 2022. The NIS2 Directive officially came into effect on January 16, 2023, initiating a transformative period for EU cybersecurity measures.

Member States have been granted a period of 21 months, until October 17, 2024, to transpose the measures outlined in the NIS2 Directive into their respective national laws. This timeline underscores the EU's commitment to fostering a collaborative and secure digital environment.

The release of the comprehensive briefing on the NIS2 Directive by the European Parliament underscores the EU's dedication to safeguarding its digital landscape. As cyber threats continue to evolve, the NIS2 Directive stands as a testament to the EU's proactive approach in enhancing cybersecurity and reinforcing its collective resilience against digital adversaries.