The Commission has adopted today the first implementing rules on cybersecurity of critical entities and networks under the Directive on measures for high common level of cybersecurity across the Union (NIS2 Directive).
This implementing act details cybersecurity risk management measures as well as the cases in which an incident should be considered significant and companies providing digital infrastructures and services should report it to national authorities. This is another major step in boosting the cyber resilience of Europe's critical digital infrastructure.
The implementing regulation adopted today will apply to specific categories of companies providing digital services, such as cloud computing service providers, data centre service providers, online marketplaces, online search engines and social networking platforms, to name a few. For each category of service providers, the implementing act also specifies when an incident is considered significant.
Today's adoption of the implementing regulation coincides with the deadline for Member States to transpose the NIS2 Directive into national law. As of tomorrow, 18 October 2024, all Member States must apply the measures necessary to comply with the NIS2 cybersecurity rules, including supervisory and enforcement measures.
Go back
European Union
New rules to boost cybersecurity of EU's critical entities
The first implementing rules on cybersecurity of critical entities and networks.
European Commission/AICEP
17th Oct 2024