Scope: |
This ESSENTIAL introduces some aspects set by the NIS-2-directive with respect to cybersecurity.
For actual product-related requirements, see "ESSENTIAL ESS EEA Cybersecurity - Products with digital elements" and the Cyber Resilience Act.
|
Legislation in force: |
NIS-2-Directive (EU) 2022/2555
Publication in the Official Journal of the European Union on 27 December 2022.
Transposition by member states by 17 October 2024.
Application of measures by 18 October 2024.
Brief description of NIS-2-Directive (EU) 2022/2555
Scope:
- significantly expanded compared to NIS.
- companies that employ more than 50 people AND
- have an annual turnover or an annual balance sheet of more than EUR 10 million AND
- belong to a critical or most important sector.
- covered sectors are being massively expanded.
- critical health sector will include healthcare providers, for example, and in particular laboratories, medical research and pharmaceuticals, and manufacturers of medical devices.
- critical “digital infrastructure” sector, which in future will also include cloud providers, data centers and content delivery networks in particular, will be significantly expanded.
- important sectors will include the entire industrial sector and in particular manufacturers of medical devices and computers, but also the mechanical engineering and mobility sectors.
Obligations:
- the NIS 2 directive provides for various risk management measures and reporting obligations for companies.
- in particular, the creation of risk analysis and security concepts for the information systems, the management of incidents, the disclosure of vulnerabilities and ensuring security in the supply chain.
- a two-step approach is envisaged for reporting.
- after becoming aware of an incident, companies have 24 hours to submit a preliminary report, followed by a final report no later than one month later.
Entities & Sectors:
- under NIS 2, more entities and sectors will have to take measures to protect themselves:
- “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors will be covered by the new security provisions.
- “Important sectors” (NEW) also fall under NIS 2 such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation.
|