Cybersecurity in the EU – Why we need NIS2 and what changes does it mean for the tech sector?
Cybersecurity is one of the European Commission's top priorities and a cornerstone of the digital and connected Europe. An increase of cyber attacks during the COVID crisis has shown how important it is to protect hospitals, research centres and other critical infrastructure.
According to the Commission, the review of the Directive on Security of Network and Information Systems (NIS2) is an essential step towards a more resilient Europe, ensuring state-of-the-art risk management of current and emerging cyber threats to vital sectors of the EU economy and society. Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age, said: "The digital transformation is accelerating, but can only succeed if people and businesses can trust that the connected products and services - on which they rely – are secure."
Increased cybercrime activity has an even greater impact when it becomes the vector to large-scale operations, such as ransomware attacks against critical infrastructures. The shutdowns of Ireland’s health service in June 2021, and the recent paralysis of local administration in the Belgian city of Liege are only the latest examples.
The new text aims to address several shortcomings of the NIS1 Directive. It categorises companies into ‘essential’ and ‘important’ based on the criticality of their services and subjects the two categories to different supervisory regimes. The NIS2 proposal covers new services, such as the manufacturing of pharmaceuticals, medical devices and chemicals, the food sector, wastewater and waste management, postal and courier services as well as public administration.
Digital infrastructure, such as internet exchange point providers, top-level domain name registries, and cloud and data centre providers would be considered ‘essential’ entities. Online marketplaces, search engines, providers of social networking and services platforms would be labelled as ‘important’ entities.
Join this EURACTIV Virtual Conference to discuss the NIS2 Directive and how it can future-proof the EU's economy and society. Questions to be addressed include:
- Is the dividing line between ‘important’ and ‘essential’ entities clear?
- What will NIS2 mean in practice for companies? Will it minimise additional administrative burdens?
- Will it create greater harmonisation and a level playing field across the Union?
- Can NIS2 address security of supply chains and supplier relationships?
- Is its enforcement manageable, given the number of European essential entities in scope?