European Union Agrees New Cyber Security Legislation

The European Union (EU) has reached political agreement on new legislation that will impose common cyber security standards on critical EU industry organisations. 

The revised directive, called the "NIS 2 Directive" (short for Network and Information Systems), is expected to replace the current legislation on cyber security that was established in July 2016.

The new directive falls into the EU’s existing rules on the security of network and information systems (NIS Directive) and will replace much of the current guidance. The EU stated that the laws require updating due to the increasing level of digitalisation and interconnectedness in 2022, as well as the rising level of malicious cyber activity.

The NIS 2 Directive will apply to medium and large organisations that operate in critical sectors, including digital services, waste management, manufacturing, postal services, healthcare, and public administrations. Some of the new requirements include flagging cyber security incidents to the authorities within 24 hours, patching software vulnerabilities, and preparing risk management procedures in the event of a cyber attack. 

In addition to boosting security, stricter enforcement requirements will harmonise sanctions across member states. The measures were originally proposed by the EU Commission in 2020.

Among the provisions in the new legislation are flagging cyber security incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks. Failure to comply can incur monetary penalties.

The announcement follows several significant initiatives taken by government bodies regarding cyber security. These include US President Biden’s Executive Order last year mandating zero trust requirements on federal agencies, new legislation in the US imposing reporting obligations on critical infrastructure organisations, and the British Product Security and Telecommunications Infrastructure Bill, which will place new cyber security standards on manufacturers, importers and distributors of internet-connectable devices.

Last year, the EU set out plans to create a Joint Cyber Unit to improve the ability to respond to rising cyber attacks on member states.

Commenting on the announcement, Margrethe Vestager, executive vice-president for a Europe Fit for the Digital Age, said: “We have been working hard for digital transformation of our society. In the past months, we have put a number of building blocks in place, such as the Digital Markets Act and the Digital Services Act... Today, Member States and the European Parliament have also secured an agreement on NIS 2. This is another important breakthrough of our European digital strategy, this time to ensure that citizens and businesses are protected and trust essential services.”

European Union, EU Commission, Competition Policy Int'l, Oodaloop, Infosecurity Magazine, Hacker News
