In 2016, the European Union introduced its first broad piece of cybersecurity legislation, the NIS directive. The objective of the NIS directive was to achieve a uniform, higher level of security for network and information systems in the EU. The directive had to be incorporated into the legislation of the member states in May 2018. In December 2020, the European Commission proposed updating the NIS directive as part of its main objectives regarding the digitalization of Europe.
The NIS2 directive is an updated version of its predecessor and aims to respond to the new threats brought by digitalization and the increase in cyber-attacks. NIS2 expands the scope to new industries. In addition, it strengthens the cybersecurity risk-management and reporting obligations of organizations and the responsibility of management bodies. It also imposes obligations on member states, while control measures are tightened and their implementation strengthened.
The objective is to increase the cyber resilience of the entire EU in an ever-evolving digital world and threat environment. The title of the NIS2 directive has been defined as “measures for a high common level of cybersecurity across the Union”. The directive must be part of the national legislation of the member states by 17 October 2024 and applicable from 18 October 2024.
In the attached article, you can read about the upcoming NIS2 directive in a nutshell.
Marjo Hanhikoski
Centria University of Applied Sciences
Project assistant