Review your content’s performance and reach.
Become your target audience’s go-to resource for today’s hottest topics.
Understand your clients’ strategies and the most pressing issues they are facing.
Keep a step ahead of your key competitors and benchmark against them.
add to folder:
Questions? Please contact [email protected]
The NIS 2 Directive came into force on 16 January 2023, repealing the NIS Directive, and creating a common level of cybersecurity.
The NIS 2 Directive (“NIS2”) entered into force on 16 January 2023, with the aim of creating a higher common level of cybersecurity in the European Union (“EU”). NIS2 repeals the NIS Directive (“NIS”), which we wrote about here. Member states will have 21 months (until 17 October 2024) to incorporate NIS2 into national law.
How does NIS2 differ from NIS?
NIS2 aims to remedy the inadequacies of NIS, namely the inconsistency between member states in relation to cybersecurity requirements and implementation of measures. The new Directive is wider in scope and builds upon NIS to create a more harmonised and robust approach to cybersecurity measures, reporting obligations and enforcement with the goal of increased collaboration and more efficient crisis management.
Some of the main changes brought about by NIS2 include:
What does this mean for businesses?
Cybersecurity has been high on the agenda as a priority for the EU in light of increased threats to businesses and it continues to pose significant challenges as the technological landscape develops rapidly. The introduction of NIS2 indicates that the risk of cyber threats will continue to dominate the agenda but also highlights the proactive approach to and the recognition by the EU of significant developments since NIS was first introduced in 2016.
Relevance for UK businesses
Although the UK is no longer part of the EU (meaning that NIS2 does not directly apply), many businesses operate within the EU, which will require them to comply with NIS2 in order to maintain the same level of security standards as other member states.
Looking to the future, it is also likely that, as with the data protection landscape, regulators in the UK will seek to introduce similar requirements to those in the EU as cybersecurity is global issue. This has already been demonstrated by the Government’s proposals to improve the UK’s cyber resilience which suggest that many of the proposed changes (widening the scope of regulation and increasing incident reporting requirements) will be similar to those in NIS2. Therefore, proactivity of businesses at an early stage when it comes to cybersecurity will be of significant value to in order to stay competitive and to ensure sufficient protection against cyber threats.
add to folder:
If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].
Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR)
© Copyright 2006 – 2023 Law Business Research
