The new EU NIS2 Directive is now enforceable by member states
The European Union’s Network and Information Security Directive 2 came into force on October 18, but what does that mean for everyone else?
The European Commission announced on October 17 that its new Network and Information Security Directive 2 (NIS2 Directive) has been officially adopted and, from October 18, will be implemented by EU members.
The new regulations apply to critical entities such as data center services, cloud providers, online marketplaces, search engines and social media platforms, which must now comply with new security and notification requirements when it comes to reporting serious cyber incidents.
The new directive also applies to the member states themselves, which will have to deal, for example, with computer security incident response teams and their own national network and information systems authorities.
NIS2 presents 10 “key elements” for compliance, related to supply chain security, vulnerability management and disclosure, incident management, cryptography and encryption.
“Cybersecurity is one of the main pillars for the protection of our citizens and our infrastructure,” Margrethe Vestager, executive vice president of the European Commission for a Europe adapted to the digital age, said in a statement.
“In the current cybersecurity landscape, it is of utmost importance to improve our capabilities, security requirements and rapid information sharing with updated rules. I urge the remaining member states to implement these rules nationally as quickly as possible to ensure that services that are critical to our societies and economies are cyber-secure.”
However, while the NIS2 Directive applies directly to entities operating in the EU, like the UK’s GDPR, the directive will have global implications for any company wishing to do business in the region.
“Meeting NIS2 requirements is crucial to avoiding trade barriers and building trust with EU partners and customers,” said Bob Wambach, vice president of product portfolio at Dynatrace.
“Closer collaboration between security and development teams is vital to ensure that software is not promoted from the early stages of the process until everyone is sure it is secure. Automated quality and safety gates are a great way to eliminate manual work in this process, supporting the shift-left mentality.
“The best way to enable this is to converge observability and security data into a unified platform, to uncover the full context behind incidents and use that information to drive automated processes. These capabilities are crucial to meeting NIS2 requirements, avoiding obstacles to doing business in Europe and increasing trust among customers globally.”