As noted by the European Commission, NIS2 is the EU-wide legislation on cybersecurity which updates the 2016 NIS Directive (see below). It provides legal measures to boost the overall level of cybersecurity in the EU, by modernising the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape.
By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.
The following are an example of some of the elements of the Directive:
- Increasing Member States' preparedness, by requiring them to be appropriately equipped. For example, with a Computer Security Incident Response Team (CSIRT) and a competent national network and information systems (NIS) authority;
- Improving cooperation among all the Member States, by setting up a Cooperation Group to support and facilitate strategic cooperation and the exchange of information among Member States;
- Strengthening a culture of security across sectors that are vital for our economy and society and that rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure;
- Ensuring businesses identified by the Member States as operators of essential services in the above sectors will have to take appropriate security measures and notify relevant national authorities of serious incidents. Key digital service providers, such as search engines, cloud computing services and online marketplaces, will have to comply with the security and notification requirements under the Directive.
Ireland continues to work through the transposition requirements of the Directive, for its due date of 17 October 2024. It is intended that a draft Heads of Bill will be brought before Cabinet ahead of year end, 2023.
The NCSC is committed to engaging with its constituents and stakeholders to ensure that requirements are communicated ahead of time, and assistance is provided where possible, and in a suitable manner.
We have published a Quick Guide, and recently (October 20th) held a webinar on the topic, available below.