03 February 2023

NIS 2 AND CER DIRECTIVE ENTER INTO FORCE

On 16 January 2023, the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and the Directive on the resilience of critical entities (CER Directive) entered into force.

The NIS2 Directive repeals the current NIS Directive and creates a more extensive and harmonized set of rules on cybersecurity for organizations carrying out their activities within the EU. The NIS2 Directive, which sets out measures for a high common level of cyber security across the Union, was formally adopted on 11 November 2022. The scope of the Directive covers transport but not logistics, apart for Germany and France, as they have extended it.

Instead, the CER Directive repeals the European Critical Infrastructure Directive and aims at strengthening the resilience of critical infrastructure to a range of threats, including natural hazards, terrorist attacks, insider and cyber threats. The CER Directive applies to 11 sectors which have been deemed critical: energy, transport, banking, financial market infrastructures, health, drinking water, wastewater, digital infrastructure, public administration, space and food.