On 13 May 2022, the Council and the European Parliament agreed on the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive), which adapts the previous NIS Directive to current needs.
The provisional agreement responds to Europe's increased exposure to cyber threats by improving the resilience and incident response capacities of the public and private sectors and the European Union as a whole. The new rules cover a wider scope compared to the previous Directive and force more entities to take cybersecurity risk management measures.
In particular, the NIS 2 Directive will strengthen cybersecurity requirements, introduce more stringent supervisory measures for national authorities, harmonise sanctions regimes across the Member States, and improve information sharing and cooperation on cyber crisis management across Europe.
Before entering into force, the agreement has to be approved by the European Parliament and the Council.
Read the press release