Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

The EU’s new NIS2 Directive is now enforceable by member states

The European Union’s Network and Information Security Directive 2 came into effect on 18 October – but what does that mean for everyone else?

user icon David Hollingworth
Fri, 18 Oct 2024
The EU’s new NIS2 Directive is now enforceable by member states
expand image

The European Commission announced on 17 October that its new Network and Information Security Directive 2 (NIS2 Directive) has been officially adopted and, from 18 October, will be enforceable by EU members.

The new regulations apply to critical entities such as data centre services, cloud providers, online marketplaces, search engines, and social media platforms, which must now comply with new security and notification requirements when it comes to reporting serious cyber incidents.

The new directive also applies to the member states themselves, which will be required to stand up, for instance, Computer Security Incident Response Teams and their own national Network and Information Systems authorities.

============
============

NIS2 features 10 “key elements” for compliance, relating to supply chain security, vulnerability handling and disclosure, incident handling, cryptography, and encryption

“Cyber security is one of the main building blocks for the protection of our citizens and our infrastructure,” Margrethe Vestager, European Commission executive vice-president for a Europe Fit for the Digital Age, said in a statement.

“In today’s cyber security landscape, stepping up our capabilities, security requirements and rapid information sharing with up-to-date rules is of paramount importance. I urge the remaining member states to implement these rules at a national level as fast as possible to ensure that the services which are critical for our societies and economies are cyber secure.”

However, while the NIS2 Directive applies directly to entities operating in the EU, like the UK’s GDPR, the directive will have global implications for any business wishing to do business in the region.

“Meeting the requirements of NIS2 is crucial in avoiding trade barriers and building trust with EU partners and customers,” Bob Wambach, Dynatrace’s VP of product portfolio, said.

“Closer collaboration between security and development teams is vital to ensure software isn’t promoted from early stages of the pipeline until all are confident it is secure. Automated quality and security gates are a great way to remove the manual toil in this process, supporting the shift-left mindset.

“The best way to enable this is to converge observability and security data in a unified platform, to unearth the full context behind incidents and use that insight to drive automated pipelines. These capabilities are crucial for meeting the requirements of NIS2, avoiding roadblocks to doing business in Europe and increasing confidence amongst customers globally.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.