Security News > 2022 > May > EU’s NIS 2 Directive to strengthen cybersecurity requirements for companies
The Commission welcomes the political agreement reached between the European Parliament and EU Member States on the Directive on measures for a high common level of cybersecurity across the Union proposed by the Commission in December 2020.
The existing rules on the security of network and information systems, have been the first piece of EU-wide legislation on cybersecurity and paved the way for a significant change in mind-set, institutional and regulatory approach to cybersecurity in many Member States.
To respond to this increased exposure of Europe to cyber threats, the NIS 2 Directive now covers medium and large entities from more sectors that are critical for the economy and society, including providers of public electronic communications services, digital services, waste water and waste management, manufacturing of critical products, postal and courier services and public administration, both at central and regional level.
The expansion of the scope covered by the new rules, by effectively obliging more entities and sectors to take cybersecurity risk management measures, will help increase the level of cybersecurity in Europe in the medium and longer term.
The NIS 2 Directive also strengthens cybersecurity requirements imposed on the companies, addresses security of supply chains and supplier relationships and introduces accountability of top management for non-compliance with the cybersecurity obligations.
Margaritis Schinas, VP for Promoting our European Way of Life, said: "Cybersecurity was always essential to shield our economy and our society against cyber threats; it is becoming critical as we are moving further in the digital transition. The current geopolitical context makes it even more urgent for the EU to ensure that its legal framework is fit for purpose. By agreeing on these further strengthened rules, we are delivering on our commitment to enhance our cybersecurity standards in the EU. Today, the EU shows its clear determination to champion preparedness and resilience against cyber threats, which target our economies, our democracies and peace."