CLECAT Position Paper on the threshold for Essential Entities in the NIS2 Proposal
CLECAT, the European association for forwarding, transport, logistics and customs services, believes that it is of utmost importance to ensure the security of the supply chain at all times. We strongly support measures in the field of cybersecurity, which can assist companies to become more resilient against cyberthreats. CLECAT therefore welcomed the proposal for a Revised NIS Directive (NIS2), as it seeks to address the deficiencies of the previous Directive, and to adopt it to current and future needs.
CLECAT however considers the proposed threshold, a size cap covering all entities except for micro- and small ones, to be highly problematic as it is not an appropriate mechanism to identify essential entities, and imposes undue burdens on entities which do not represent a critical share on the market. CLECAT strongly recommends the following changes to be made to the scope of the NIS2 Directive:
- Removal of the size-cap, covering all entities which employ in excess of 50 persons and whose annual turnover and/or annual balance sheet total exceeds €10 million
- Introduction of realistic and appropriate criteria for determining the scope, which should be sector-specific and cover entities which actually are essential. If an expansion of scope is pursued, it should always follow a risk-based approach and only be introduced after thorough assessment of the actual risk posed and impact expected by entities in the respective sector.
The below Position Paper describes in detail why the current scope is considered problematic, and provides a detailed justification for the proposed alternative scope.