30 August, 2024
EU NIS 2

EU NIS 2: Priority on cybersecurity

The progress of digitalization is putting cybersecurity at the center of the EU’s actions, resulting in the adoption of a legislative framework that aims to emphasize proactive security monitoring and the creation of a more resilient digital infrastructure capable of dealing with the threats of the modern digital world.

The European Commission has brought forward the NIS 2 Directive, which provides legal measures to strengthen the overall level of cybersecurity within the EU and was adopted in 2023. This Directive introduces comprehensive cyber measures for Member States and significantly enhances the functioning of the market through strong security protocols and incident response capabilities.

While NIS 1 was primarily addressed to seven sectors, specifically energy, transport, banking services, financial market infrastructure, drinking water, healthcare and digital infrastructure, NIS 2 broadens its scope and addresses new sectors based on the degree of digitization and the role they play in the economy and society.

It is important to know that the NIS 2 Directive applies to both public and private entities, which are divided into “essential” and “important”, depending on the sector in which they are involved. Even public administration bodies are subject to certain conditions.

Each Member State must designate competent bodies to monitor implementation of the Directive and carry out compliance inspections. In cases of non-compliance, these bodies must impose fines that can reach up to 10,000,000€ or 10% of the total worldwide annual turnover of the business concerned.

NIS 2 Directive: A comprehensive set of cybersecurity measures

NIS 2 contains a comprehensive set of cybersecurity measures that companies and institutions must implement:

  • Take appropriate technical and operational measures to manage the risks to systems and information.
  • Report incidents that affect the security of network systems to the appropriate authorities or Computer Security Incident Response Teams (CSIRTs).
  • Cooperate smoothly with the competent authorities or CSIRTs.
  • Inform the public in case of an incident. Information to the public is required even in the case of preventive measures.
  • Comply with codes of conduct or standards of practice established at EU or national level.

Cybersecurity is now at the center of the EU’s attention, especially after the adoption of NIS 2, whose benefits will be obvious for operators. Dealing with cyber-attacks preserves the reputation of businesses, consumer confidence and the protection of fundamental rights such as the protection of personal data.