21 October 2024

COM ADOPTS RULES ON CYBERSECURITY OF CRITICAL ENTITIES AND NETWORKS

On 17 October, the European Commission adopted the first implementing rules on cybersecurity of critical entities and networks under the NIS2 Directive. The implementing act outlines cybersecurity risk management measures and specific cases when companies must report significant incidents to national authorities.

The implementing regulation lays down the technical and the methodological requirements of the measures referred to in NIS2 with regard, among others, service providers, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, of online search engines and networking services platforms.

The Commission publication of the implanting act coincides with the deadline for Member States to transpose the NIS2 Directive into national law. As of 18 October, all Member States must apply the measures necessary to comply with NIS2 cybersecurity rules, including supervisory and enforcement measures.

Source: European Commission