As noted by the European Commission, NIS2 is the EU-wide legislation on cybersecurity which updates the 2016 NIS Directive (see below). It provides legal measures to boost the overall level of cybersecurity in the EU, by modernising the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape.

By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.

The following are an example of some of the elements of the Directive:

National Steps

Ireland continues to work through the transposition requirements of the Directive, for its due date of 17 October 2024. It is intended that a draft Heads of Bill will be brought before Cabinet ahead of year end, 2023.

The NCSC is committed to engaging with its constituents and stakeholders to ensure that requirements are communicated ahead of time, and assistance is provided where possible, and in a suitable manner.

We have published a Quick Guide, and recently (October 20th) held a webinar on the topic, available below.

NIS2 Webinar

NIS2 Quick Reference Guide Complete Version

NIS Directive

The Network and Information Systems Directive 2016/1148 was published in the Official Journal of the EU in July 2016 and was signed into Irish law on the 18th of September 2018 by way of Statutory Instrument No. 360 of 2018.

The responsibilities that the Directive places on the State and on businesses are wide ranging, but, among other things:

Operators of Essential Services (OES)

Further information on the directive in regards to Operators of Essential Services can be found here.

Digital Service Providers (DSP)

Further information on the directive in regards to Digital Service Providers can be found here.