The Council adopts NIS2 Directive

“The Council adopted legislation for a high common level of cybersecurity across the Union, to further improve the resilience and incident response capacities of both the public and private sector and the EU as a whole.

The new directive, called ‘NIS2’, will replace the current directive on security of network and information systems (the NIS directive).

The revised directive aims to harmonise cybersecurity requirements and implementation of cybersecurity measures in different member states. To achieve this, it sets out minimum rules for a regulatory framework and lays down mechanisms for effective cooperation among relevant authorities in each member state. It updates the list of sectors and activities subject to cybersecurity obligations and provides for remedies and sanctions to ensure enforcement.”

The aim of this directive is therefore more than ever to raise and maintain cyber security at a decent level. If companies and entities do not have their security requirements in order, this will probably more often result in more and higher fines. The fines can amount to at least 10 million euros or 2% of total worldwide turnover.