The European Parliament and EU member states agreed on stricter cybersecurity measures for entities belonging to critical sectors.
Following the first directive known as NIS, the implemented cybersecurity rules had to be updated due to the increase in cyber malicious activities and rising digitalization of all spheres of our lives.
The revised strategy oversees medium and large entities belonging to “critical sectors,” including providers of public electronic communications services, digital services, waste water and waste management, manufacturing of critical products, postal and courier services, and public administration, both at central and regional level.
“This is another important breakthrough of our European digital strategy, this time to ensure that citizens and businesses are protected and trust essential services,” Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age, commented.
The NIS 2 Directive also covers the healthcare sector, paying particular attention to securing the industry from threats that appeared following the COVID-19 pandemic.
“Cybersecurity was always essential to shield our economy and our society against cyber threats; it is becoming critical as we are moving further in the digital transition. The current geopolitical context makes it even more urgent for the EU to ensure that its legal framework is fit for purpose,” Margaritis Schinas, Vice-President for Promoting our European Way of Life, said.
Additionally, the directive will hold top management accountable for non-compliance and will strive for harmonising sanctions regimes across the union.
“Cyber threats have become bolder and more complex. It was imperative to adapt our security framework to the new realities and to make sure our citizens and infrastructures are protected. In today’s cybersecurity landscape, cooperation and rapid information sharing are of paramount importance,” Thierry Breton, Commissioner for the Internal Market, noted.
Breton furtherly suggested that the agreement will be complemented by the upcoming Cyber Resilience Act, aimed at establishing cybersecurity requirements covering digital products and their services.
More from Cybernews:
Subscribe to our newsletter