The NIS2 Directive is a cybersecurity directive that was adopted by the European Union in November 2022. It is the successor to the NIS Directive, which was adopted in 2016. The NIS2 Directive aims to strengthen the cybersecurity of essential services and digital infrastructure across the EU.

The NIS2 Directive applies to a wide range of sectors, including energy, transport, water, healthcare, and digital infrastructure. It requires Member States to implement a number of measures to improve their cybersecurity, such as:

  • Adopting national cybersecurity strategies
  • Establishing national cybersecurity authorities
  • Reporting cybersecurity incidents to the EU
  • Implementing cybersecurity risk management measures
  • Cooperating with other Member States on cybersecurity

The NIS2 Directive also includes a number of new measures, such as:

  • Requirements for cloud service providers and managed service providers
  • Requirements for operators of essential services to have incident response plans
  • Requirements for Member States to have cybersecurity awareness programs

Figure: NIS2 Scoping Quick Reference (source: National Cyber Security Centre of Ireland)

The NIS2 Directive is expected to have a significant impact on the way that cybersecurity is managed in the EU. It will help to improve the security of essential services and digital infrastructure, and it will help to create a more harmonized approach to cybersecurity across the EU.

It is essential that all organizations subject to the Directive take steps to comply with its requirements. Some organizations may well fall within the scope of NIS2 without realizing it, especially if they provide third-party services to the critical infrastructure sector. Get in contact with CyberSolace if you require any guidance in this space.
