European Union Agrees New Cyber Security Legislation

The European Union (EU) has reached political agreement on new legislation that will impose common cyber security standards on critical EU industry organisations. 

The revised directive, called the "NIS 2 Directive" (NIS is short for Network and Information Systems), is expected to replace the current legislation on cyber security that was established in July 2016.

The new directive falls under the EU's existing rules on the security of network and information systems (the NIS Directive) and will replace much of the current guidance. The EU stated that the laws needed updating because of the increasing digitalisation and interconnectedness of society in 2022, as well as the rising level of malicious cyber activity.

The NIS 2 Directive will apply to medium and large organisations that operate in critical sectors, including digital services, waste management, manufacturing, postal services, healthcare, and public administrations. Some of the new requirements include flagging cyber security incidents to the authorities within 24 hours, patching software vulnerabilities, and preparing risk management procedures in the event of a cyber attack. 

In addition to boosting security, stricter enforcement requirements will harmonise sanctions across member states. The measures were originally proposed by the EU Commission in 2020.

Among the provisions in the new legislation are flagging cyber security incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks, with monetary penalties for failing to do so.

The announcement follows several significant initiatives taken by government bodies regarding cyber security. These include US President Biden's Executive Order last year mandating zero trust requirements for federal agencies, new legislation in the US imposing reporting obligations on critical infrastructure organisations, and the British Product Security and Telecommunications Infrastructure Bill, which will place new cyber security standards on manufacturers, importers and distributors of internet-connectable devices.

Last year, the EU set out plans to create a Joint Cyber Unit to improve the ability to respond to rising cyber attacks on member states.

Commenting on the announcement, Margrethe Vestager, executive vice-president for a Europe Fit for the Digital Age, said: “We have been working hard for digital transformation of our society. In the past months, we have put a number of building blocks in place, such as the Digital Markets Act and the Digital Services Act... Today, Member States and the European Parliament have also secured an agreement on NIS 2. This is another important breakthrough of our European digital strategy, this time to ensure that citizens and businesses are protected and trust essential services.”
