EU Tightens Cyber Security Requirements for Critical Infrastructure and Services

Organizations in “essential” sectors have until October 2024 to comply with the Network and Information Systems Directive 2022 (NIS2).

The European Union’s NIS2 Directive 2022/2555 is legislation aimed at improving the security and resilience of network and information systems across the EU. Although the legislation is already in effect, EU members have until October 2024 to transpose the directive into national law. Each organization encompassed by the directive will be legally obligated to live up to its requirements in less than a year’s time. With the deadline coming up so soon, organizations must prepare themselves now to embrace these changes.

What Is NIS2?

In 2016 the EU introduced the Network and Information Security (NIS) Directive, which defined strict cybersecurity requirements for so-called essential (or critical infrastructure) companies. The aim was to strengthen security requirements by imposing a risk management approach, outlining core cybersecurity measures that organisations are expected to follow. NIS2 further extends this directive by designating more companies as essential and imposing stricter security obligations on entities that operate across these sectors.