Today, two key directives on critical and digital infrastructure will enter into force and will strengthen the EU’s resilience against online and offline threats, from cyberattacks to crime, risks to public health or natural disasters image of people working on screens in a computer centre Recent threats to the EU’s critical infrastructure have attempted to undermine our collective security. Already in 2020, the Commission had proposed a significant upgrade to the EU’s rules on the resilience of critical entities and the security of network and information systems.
The 2 Directives entering into force are:
- Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive)
- Directive on the resilience of critical entities (CER Directive)
The NIS 2 Directive will ensure a safer and stronger Europe by significantly expanding the sectors and type of critical entities falling under its scope. These include providers of public electronic communications networks and services, data centre services, wastewater and waste management, manufacturing of critical products, postal and courier services and public administration entities, as well as the healthcare sector more broadly. Furthermore, it will strengthen the cybersecurity risk management requirements that companies are obliged to comply with, as well as streamline incident reporting obligations with more precise provisions on reporting, content and timeline. The NIS2 Directive replaces the rules on the security of network and information systems, the first EU-wide legislation on cybersecurity.