On Friday, 18 October 2024, Directive (EU) 2022/2555 on Security of Network and Information Systems (NIS2 Directive) became fully enforceable across the European Union, building on the cybersecurity requirements under the previous NIS Directive.
With an expanded scope, the NIS2 Directive now includes a wide range of sectors such as energy, transport, digital infrastructure, health, manufacturing, and pharmaceuticals. Among its key provisions, the NIS2 Directive establishes stricter cybersecurity obligations that require covered entities to implement essential security measures and report significant incidents to competent authorities within 24 hours of becoming aware of them. Furthermore, the NIS2 Directive places direct responsibilities on management bodies to ensure the adequate implementation of cybersecurity practices across their organisations and supply chains. Regulators are also equipped with enhanced enforcement capabilities, allowing them to levy severe fines for non-compliance, with penalties reaching up to €10 million or 2% of a company's global turnover.
Download the NIS2 Directive implementing Regulation and Annex.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread.