The existing rules on the security of network and information systems (NIS Directive), have been the first piece of EU-wide legislation on cybersecurity and paved the way for a significant change in mind-set, institutional and regulatory approach to cybersecurity in many Member States. In spite of their notable achievements and positive impact, they had to be updated because of the increasing degree of digitalisation and interconnectedness of our society and the rising number of cyber malicious activities at global level.

The political agreement reached by the European Parliament and the Council is now subject to formal approval by the two co-legislators. Once published in the Official Journal, the Directive will enter into force 20 days after publication and Member States will then need to transpose the new elements of the Directive into national law. Member States will have 21 months to transpose the Directive into national law.

Full press release

NIS2 Proposal