Cybersecurity

NIS2 implementation enters the final stretch – six months to deadline

April 18, 2024
27 1 minute read
Untitled design6
b6f0eb2052c5a8cb87a0f2bdeac37d8cd7fc436b.png


In six months’ time, on 17 October 2024, Member State laws that transpose the EU’s revised Network and Information Systems Directive (“NIS2”) will start to apply.  As described in more detail in our earlier blog post (here), NIS2 significantly expands the categories of organizations that fall within scope of EU cybersecurity legislation. This new, cross-sector law imposes additional and more granular security and incident reporting rules, enhanced governance requirements that apply to organizations’ “management bodies,” and creates a stricter enforcement regime.

Organizations that are preparing for NIS2 need to keep a watchful eye on national implementing laws, competent authorities, and secondary legislation from the Commission on some of the substantive requirements.

Some Member States (e.g., Croatia) have already passed their transposing legislation, and others (e.g., Germany and Belgium) have published draft laws that are going through the legislative process. Despite the October deadline, many Member States have not yet published drafts or started their legislative process. NIS2 is a “minimum harmonization” law, meaning that Member States’ implementing laws can impose additional obligations beyond those set out in the text of the Directive. 

As we enter the last six months before national laws start to apply, establishing which Member States’ competent authorities will have jurisdiction to enforce NIS2 will also be a critical assessment for regulated entities.

We also expect to see European Commission implementing acts that will flesh out NIS2 obligations, complementing guidance the Commission published earlier this year (see our blog here). These implementing acts were expected to be published in early 2024, but have not yet materialized. Watch this space.

*                      *                      *

The Data Privacy and Cybersecurity Practice at Covington has deep experience advising on privacy and cybersecurity issues across Europe, including on NIS, NIS2, and other cyber-related regulations. If you have any questions about Member State transpositions of NIS2, how NIS2 will affect your business, or about developments in the cybersecurity space more broadly, our team would be happy to assist.



Source

April 18, 2024
27 1 minute read

Related Articles

Marshall breaks ground on cyber security institute, ‘East Coast hub’ for national security

Marshall breaks ground on cyber security institute, ‘East Coast hub’ for national security

May 17, 2024
Untitled design6

LSU Cybersecurity team receives $600K grant from NSF to Combat Malware

May 25, 2024
Cybersecurity Official: Many Water Facilities Still Unaware of Threat

Cybersecurity Official: Many Water Facilities Still Unaware of Threat

May 6, 2024
NYDFS Cybersecurity Regulation: Automated Blocking of Commonly Used Passwords

NYDFS Cybersecurity Regulation: Automated Blocking of Commonly Used Passwords

June 4, 2024
Back to top button