European Union Agrees New Cyber Security Legislation

The European Union (EU) has reached political agreement on new legislation that will impose common cyber security standards on critical EU industry organisations. 

The revised directive, called "NIS 2 Directive  (short for Network and Information Systems), is expected to replace the current legislation on cyber security that was established in July 2016.

The new directive falls into the EU’s existing rules on the security of network and information systems (NIS Directive) and will replace much of the current guidance. The EU stated that the laws require updating due to the increasing level of digitalisation and interconnectedness in 2022, as well as the rising level of malicious cyber activity.

The NIS 2 Directive will apply to medium and large organisations that operate in critical sectors, including digital services, waste management, manufacturing, postal services, healthcare, and public administrations. Some of the new requirements include flagging cyber security incidents to the authorities within 24 hours, patching software vulnerabilities, and preparing risk management procedures in the event of a cyber attack. 

In addition to boosting security, stricter enforcement requirements will harmonise sanctions across member states. The measures were originally proposed by the EU Commission in 2020.

Among the provisions in the new legislation are flagging cyber security incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks, failing which can incur monetary penalties.

The announcement follows several significant initiatives taken by government bodies regarding cyber security. These include US President Biden’s Executive Order last year mandating zero trust requirements on federal agencies, new legislation in the US imposing reporting obligations on critical infrastructure organisations and the British Product Security and Telecommunications Infrastructure  Bill, which will place new cyber security standards on manufacturers, importers and distributors of internet-connectable devices.

Last year, the EU set out plans to create a Joint Cyber Unit to improve the ability to respond to rising cyber attacks on member states.

Commenting on the announcement, Margrethe Vestager, executive vice-president for a Europe Fit for the Digital Age, said: “We have been working hard for digital transformation of our society. In the past months, we have put a number of building blocks in place, such as the Digital Markets Act and the Digital Services Act... Today, Member States and the European Parliament have also secured an agreement on NIS 2. This is another important breakthrough of our European digital strategy, this time to ensure that citizens and businesses are protected and trust essential services.”

European Union:    EU Commission:   Competition Policy Int'l:   Oodaloop

 Infosecurity Magazine:   Hacker News

You Might Also Read:  

European Union Has Rules On Illegal Online Content:
 

« CISA Detect Vulnerabilities In VMWare Products
Clearview Pays £7.5m For Illegally Storing Facial Images »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Lima Networks

Lima Networks

LIMA design and deliver IT Infrastructure solutions and services including managed Security Monitoring services.

Delphix

Delphix

Delphix is the industry leader for DevOps test data management.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

Sasa Software

Sasa Software

Sasa Software is a cybersecurity software developer specializing in the prevention of file-based network attacks.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

Navixia

Navixia

As a leading Swiss IT security specialist, Navixia offers a global and pragmatic approach to information security.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

ECS Ethiopia

ECS Ethiopia

ECS Ethiopia provides Ethiopia’s leading institutions with top cyber-security expertise and technology to enable them to overcome risks and market barriers enabling them to grow their business.

BIRD Cyber

BIRD Cyber

BIRD Cyber is a program to promote collaboration on cybersecurity and emerging technologies aimed at enhancing the cyber resilience of critical infrastructure.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Exacom

Exacom

Exacom is a leading provider of multimedia logging/recording solutions across public safety, government, DoD, energy, utilities, transportation, and security applications.