NIS2

EU – NIS2: Three Difficult Implementation Issues

By / Blog /

NIS2 Directive aims to enhance EU cybersecurity but faces implementation challenges. Key issues include:
1. Scope – Expansive definitions make it unclear who is covered, especially for diverse organizations.
2. Implementing Regulation – Complex obligations may lead to non-compliance; partially flexible requirements exist.
3. Director Liability – Management boards could face personal liability variably across jurisdictions, complicating compliance.

Overall, the EU's legislative push seeks to address cyber threats, stressing that cybersecurity must be a priority amidst regulatory complexities.

https://www.linklaters.com/en/insights/blogs/digilinks/eu-nis2—-three-difficult-implementation-issues

Consult the European Vulnerability Database to Enhance Your Digital Security!

By / Blog / , ,

ENISA has launched the European Vulnerability Database (EUVD), aimed at enhancing cybersecurity across the EU by providing comprehensive information on vulnerabilities in ICT products and services as mandated by the NIS2 Directive. The database offers actionable insights on cybersecurity vulnerabilities, including mitigation measures, and is accessible to the public, industry stakeholders, and national authorities. It supports better analysis, situational awareness, and risk management while collaborating with various organizations to ensure effective vulnerability disclosure practices.

https://www.enisa.europa.eu/news/consult-the-european-vulnerability-database-to-enhance-your-digital-security

ENISA Launches EU Vulnerability Database to Strengthen Cybersecurity Under NIS2 Directive, Boost Cyber Resilience

By / Blog / , ,

ENISA has launched the EU Vulnerability Database under the NIS2 Directive to enhance cybersecurity and resilience across the EU. The database provides centralized, reliable information on cybersecurity vulnerabilities, offering insights for risk management and mitigation. It integrates data from various sources to improve situational awareness and transparency, helping organizations better protect against cyber threats. ENISA aims to refine the database throughout 2025, incorporating user feedback and evolving cybersecurity needs while emphasizing the significance of coordinated vulnerability disclosure in strengthening the EU's cyber defenses.

https://industrialcyber.co/vulnerabilities/enisa-launches-eu-vulnerability-database-to-strengthen-cybersecurity-under-nis2-directive-boost-cyber-resilience/

NIS2 Directive: New Rules on Cybersecurity of Network and Information Systems

By / Blog / , ,

NIS2 Directive enhances EU cybersecurity rules across 18 sectors, requiring member states to develop national strategies, manage risks, report incidents, and establish accountability. It expands coverage beyond energy and healthcare to include public services and digital platforms, fostering cooperation and information sharing among nations through CSIRTs and networks like EU-CyCLONe. This legislation, effective from January 2023, supersedes NIS1, aiming for heightened security amidst rising cyber threats. Member states must comply by October 2024.

https://digital-strategy.ec.europa.eu/en/policies/nis2-directive

EU NIS2 Implementation: Mind the Growing Compliance Gap

By / Blog / , ,

EU Member States faced a compliance gap in implementing NIS2, with only 11 states having passed legislation by the October 2024 deadline. New laws surfaced in Finland and Malta, while Denmark plans to introduce legislation by April, effective July 2025. Early adopters like Belgium and Hungary are ahead in compliance, leaving multinational organizations to navigate varied progress across jurisdictions.

https://connectontech.bakermckenzie.com/eu-nis2-implementation-mind-the-growing-compliance-gap/#page=1

UK Cybersecurity Reform Planned Changes in the Cyber Security and Resilience Bill

By / Blog / , ,

UK Cybersecurity Reform: Upcoming Cyber Security and Resilience Bill updates UK’s NIS Regulations 2018 to enhance cybersecurity in line with EU NIS2 Directive. Key changes include expanding NIS scope to include Managed Service Providers, establishing Designated Critical Suppliers, and incorporating data centres. Enhanced obligations will cover supply chain responsibilities, technical requirements, and stricter incident reporting timelines. The Government will gain greater enforcement powers, including directive authority over entities and regulators, alongside new fee structures for NIS registration. The Bill aims for improved cybersecurity readiness and alignment with international standards, with publication expected in 2025.

https://www.twobirds.com/en/insights/2025/uk/uk-cybersecurity-reform-planned-changes-in-the-cyber-security-and-resilience-bill

From ISO to NIS2

By / Blog /

NIS2 Directive reshapes global cybersecurity compliance, replacing ISO 27001's voluntary controls with mandatory requirements. Leaders must harmonize frameworks, adapt to jurisdictional variations, enhance incident response and foster cross-department collaboration for effective compliance. Proactive strategies, training investments, and integrating compliance into digital transformation are essential for resilience and operational excellence. Viewing compliance as a dynamic capability offers competitive advantage amid evolving regulations and technologies.

https://gbhackers.com/iso-to-nis2/

NIS2 in Belgium: Are You Considered an ‘energy Producer’ if You Generate Power Solely for Your Own Use?

By / Blog /

Belgium's NIS2 legislation classifies energy producers broadly. Companies generating energy solely for internal use, like solar or wind power, may still be deemed “energy producers” under NIS2 if they meet size criteria (medium or large). Thus, even minor energy generating activities can lead to compliance obligations, including incident reporting. However, proportionate oversight may be applied, recognizing lower societal impact from smaller operations.

https://www.eversheds-sutherland.com/en/slovakia/insights/nis2-in-belgium

Scroll to Top