The EU member states have transposed the NIS Directive (the Directive concerning measures for a high common level of security of network and information systems across the Union) into their national legislation, and many of the affected organizations are working to become compliant with it if they are not already. Before the end of 2020, however, the European Commission adopted a proposal for a revised Directive on Security of Network and Information Systems (the NIS 2 Directive). This was an expected move: the original NIS Directive dates from 2016, and in the light of the evolving cybersecurity landscape, the subsequent Covid crisis, and the cybersecurity events that accompanied it, the Directive needed a revision.
The proposal contains several key points intended to make the Directive fit for a changing future. It underlines the importance of cooperation between the authorities of the EU member states by enhancing the role of the NIS Cooperation Group. The goal is stricter enforcement of the requirements, harmonized sanctions, and more stringent supervisory measures by the authorities across Europe.
From the business point of view, this legislation broadens the scope of the organizations affected by the Directive by adding new sectors that are critical for the economy and society. The distinction between operators of essential services and digital service providers is eliminated in the proposal; organizations are instead classified according to their importance. A clear size cap is also introduced, meaning that large and medium-sized companies from the sectors in scope are included. The proposal also addresses supply-chain cybersecurity risks and proper risk management.
AISEC follows a risk management approach and provides the minimum set of security measures that need to be applied to comply with existing legislation. Once the above-mentioned proposal is in force, AISEC will help with compliance verification.