NIS2

NIS2: Why Are Firms Struggling to Comply?

Many organizations struggle to comply with the EU's NIS2 Directive because of complex supply chains, outdated infrastructure, and insufficient cybersecurity investment. ENISA warns that several critical sectors, like ICT and healthcare, face significant challenges. In contrast, industries such as electricity and banking show more cybersecurity maturity. Additionally, inconsistent national regulation and capacity issues hinder compliance efforts across EU member states. Recommendations for improving compliance include conducting risk assessments, establishing clear asset visibility, appointing NIS2 leaders, and implementing strong incident response plans.

https://www.itpro.com/business/policy-and-legislation/nis2-why-are-firms-struggling-to-comply

EU – NIS2: Three Difficult Implementation Issues

The NIS2 Directive aims to enhance EU cybersecurity but faces implementation challenges. Key issues include:
1. Scope – Expansive definitions make it unclear who is covered, especially for diverse organizations.
2. Implementing Regulation – Complex obligations may lead to non-compliance, although some requirements are partially flexible.
3. Director Liability – Management boards could face personal liability that varies across jurisdictions, complicating compliance.

Overall, the EU's legislative push seeks to address cyber threats, stressing that cybersecurity must be a priority amidst regulatory complexities.

https://www.linklaters.com/en/insights/blogs/digilinks/eu-nis2—-three-difficult-implementation-issues

Consult the European Vulnerability Database to Enhance Your Digital Security!

ENISA has launched the European Vulnerability Database (EUVD), aimed at enhancing cybersecurity across the EU by providing comprehensive information on vulnerabilities in ICT products and services as mandated by the NIS2 Directive. The database offers actionable insights on cybersecurity vulnerabilities, including mitigation measures, and is accessible to the public, industry stakeholders, and national authorities. It supports better analysis, situational awareness, and risk management while collaborating with various organizations to ensure effective vulnerability disclosure practices.

https://www.enisa.europa.eu/news/consult-the-european-vulnerability-database-to-enhance-your-digital-security

ENISA Launches EU Vulnerability Database to Strengthen Cybersecurity Under NIS2 Directive, Boost Cyber Resilience

ENISA has launched the EU Vulnerability Database under the NIS2 Directive to enhance cybersecurity and resilience across the EU. The database provides centralized, reliable information on cybersecurity vulnerabilities, offering insights for risk management and mitigation. It integrates data from various sources to improve situational awareness and transparency, helping organizations better protect against cyber threats. ENISA aims to refine the database throughout 2025, incorporating user feedback and evolving cybersecurity needs while emphasizing the significance of coordinated vulnerability disclosure in strengthening the EU's cyber defenses.

https://industrialcyber.co/vulnerabilities/enisa-launches-eu-vulnerability-database-to-strengthen-cybersecurity-under-nis2-directive-boost-cyber-resilience/

NIS2 Directive: New Rules on Cybersecurity of Network and Information Systems

The NIS2 Directive enhances EU cybersecurity rules across 18 sectors, requiring member states to develop national strategies, manage risks, report incidents, and establish accountability. It expands coverage beyond energy and healthcare to include public services and digital platforms, fostering cooperation and information sharing among nations through CSIRTs and networks like EU-CyCLONe. This legislation, effective from January 2023, supersedes NIS1, aiming for heightened security amidst rising cyber threats. Member states must comply by October 2024.

https://digital-strategy.ec.europa.eu/en/policies/nis2-directive

EU NIS2 Implementation: Mind the Growing Compliance Gap

EU Member States faced a compliance gap in implementing NIS2, with only 11 states having passed legislation by the October 2024 deadline. New laws surfaced in Finland and Malta, while Denmark plans to introduce legislation by April, effective July 2025. Early adopters like Belgium and Hungary are ahead in compliance, leaving multinational organizations to navigate varied progress across jurisdictions.

https://connectontech.bakermckenzie.com/eu-nis2-implementation-mind-the-growing-compliance-gap/#page=1

UK Cybersecurity Reform: Planned Changes in the Cyber Security and Resilience Bill

The upcoming Cyber Security and Resilience Bill updates the UK’s NIS Regulations 2018 to enhance cybersecurity in line with the EU NIS2 Directive. Key changes include expanding NIS scope to include Managed Service Providers, establishing Designated Critical Suppliers, and incorporating data centres. Enhanced obligations will cover supply chain responsibilities, technical requirements, and stricter incident reporting timelines. The Government will gain greater enforcement powers, including directive authority over entities and regulators, alongside new fee structures for NIS registration. The Bill aims for improved cybersecurity readiness and alignment with international standards, with publication expected in 2025.

https://www.twobirds.com/en/insights/2025/uk/uk-cybersecurity-reform-planned-changes-in-the-cyber-security-and-resilience-bill

From ISO to NIS2

The NIS2 Directive reshapes global cybersecurity compliance, replacing ISO 27001's voluntary controls with mandatory requirements. Leaders must harmonize frameworks, adapt to jurisdictional variations, enhance incident response, and foster cross-department collaboration for effective compliance. Proactive strategies, training investments, and integrating compliance into digital transformation are essential for resilience and operational excellence. Viewing compliance as a dynamic capability offers competitive advantage amid evolving regulations and technologies.

https://gbhackers.com/iso-to-nis2/
