Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)

Author (Corporate) ,
Series Title
Series Details L 333, Pages 80-152
Publication Date 27/12/2022
Content Type , , ,

Summary:

Directive (EU) 2022/2555 - formally adopted by the co-legislators on 14 December 2022 - revising the legislative framework concerning cyber-security across the European Union (EU). It revises and repeals Directive (EU) 2016/1148 (NIS Directive). It also introduces amendments to Regulation (EU) No 910/2014 and Directive (EU) 2018/1972. The Act is known as the NIS2 Directive. This is a text with EEA relevance.

Further information:

This Directive lays down obligations that require Member States to adopt national cybersecurity strategies and to designate or establish competent authorities, cyber crisis management authorities, single points of contact on cybersecurity and computer security incident response teams (CSIRTs). It also sets out cybersecurity risk-management measures and reporting obligations for a number of entities, rules and obligations on cybersecurity information sharing, and supervisory and enforcement obligations in Member States.

Directive (EU) 2016/1148 - also known as the NIS Directive - was the first piece of EU-wide legislation on cybersecurity and has provided legal measures to boost the overall level of cybersecurity in the European Union. The need for a legislative revision arose from the increased digitisation of the internal market and an evolving cyber security threat landscape. The review also addressed several weaknesses that prevented the NIS Directive from unlocking its full potential.

The draft law was adopted by the European Commission on 16 December 2020, as part of a package which also includes a new EU Cybersecurity Strategy. It sought to modernise the legal framework, covering medium and large entities from more sectors based on their criticality for the economy and society. The European Parliament adopted a negotiating position on 22 November 2021. The Council of the European Union adopted its general approach on 3 December. An informal agreement between the co-legislators on a compromise text for this file was reached on 13 May 2022. This was formally endorsed by the Parliament's plenary on 10 November and by the Council on 28 November. The Act was signed by the co-legislators on 14 December 2022 and published in the Official Journal on 27 December 2022.

Source Link Link to Main Source http://data.europa.eu/eli/dir/2022/2555/oj
Related Links
Official
EUR-LEX: COM(2020)823: Proposal for a Directive on measures for a high common level of cybersecurity across the Union https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=COM:2020:823:FIN
EUR-LEX: SWD(2020)344: Staff Working Document accompanying the Proposal - Executive Summary of the Impact Assessment https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2020:344:FIN
EUR-LEX: SWD(2020)345: Staff Working Document accompanying the Proposal - Impact Assessment https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2020:345:FIN
European Parliament: Legislative Observatory: Procedure File for Proposal on a high common level of cybersecurity (2020/0359(COD)) https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?lang=en&reference=2020/0359(COD)
European Parliament: Legislative Train Schedule: Review of the Directive on security of network and information systems https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-review-of-the-nis-directive
European Commission: Digital Single Market: Cybersecurity https://ec.europa.eu/digital-single-market/en/cybersecurity
EU ENISA: Topics: NIS Directive https://www.enisa.europa.eu/topics/nis-directive
European Commission: News, 16/12/2020: Proposal for directive on measures for high common level of cybersecurity across the Union https://ec.europa.eu/digital-single-market/en/news/proposal-directive-measures-high-common-level-cybersecurity-across-union
European Commission: Press Release, 16/12/2020: New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient https://ec.europa.eu/commission/presscorner/detail/en/IP_20_2391
European Commission: New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient – Questions and Answers https://ec.europa.eu/commission/presscorner/detail/en/qanda_20_2392
European Commission: Opening remarks by Vice-President Margaritis Schinas at the press conference on the cybersecurity strategy https://ec.europa.eu/commission/presscorner/detail/en/speech_20_2460
Council of the European Union: Press Release, 03/12/2021: Strengthening EU-wide cybersecurity and resilience – Council agrees its position https://www.consilium.europa.eu/en/press/press-releases/2021/12/03/strengthening-eu-wide-cybersecurity-and-resilience-council-agrees-its-position/
Council of the European Union: Press Release, 13/05/2022: Strengthening EU-wide cybersecurity and resilience – provisional agreement by the Council and the European Parliament https://www.consilium.europa.eu/en/press/press-releases/2022/05/13/renforcer-la-cybersecurite-et-la-resilience-a-l-echelle-de-l-ue-accord-provisoire-du-conseil-et-du-parlement-europeen/
European Commission: Press Release, 13/05/2022: Commission welcomes political agreement on new rules on cybersecurity of network and information systems https://ec.europa.eu/commission/presscorner/detail/en/ip_22_2985
European Parliament: Press Release, 10/11/2022: Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience https://www.europarl.europa.eu/news/en/press-room/20221107IPR49608/
Council of the European Union: Press Release, 28/11/2022: EU decides to strengthen cybersecurity and resilience across the Union: Council adopts new legislation https://www.consilium.europa.eu/en/press/press-releases/2022/11/28/eu-decides-to-strengthen-cybersecurity-and-resilience-across-the-union-council-adopts-new-legislation/

News
Euronews, 13/05/2022: EU governments, lawmakers agree on tougher cybersecurity rules for key sectors https://www.euronews.com/next/2022/05/13/eu-cybersecurity
Politico, 13/05/2022: EU lands new law to fight off hackers in critical sectors https://www.politico.eu/article/eu-lands-new-law-to-fight-off-hackers-in-critical-sectors/

Commentary and Analysis
EPRS: Briefing, February 2021: Improving the common level of cybersecurity across the EU (Initial Appraisal of a European Commission Impact Assessment) https://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI(2021)662606
BEUC: Position Paper, May 2021: Review of the Network and Information Systems Directive (NIS 2) https://www.beuc.eu/publications/review-network-and-information-systems-directive-nis2
KU Leuven: CiTiP Blog, 04/05/2021: The NIS2 proposal: which regulatory challenges for healthcare cybersecurity? https://www.law.kuleuven.be/citip/blog/the-nis2-proposal-which-regulatory-challenges-for-healthcare-cybersecurity/
Information Technology Industry Council (ITI): Event, 27/05/2021: Cybersecurity 2.0: How can the EU’s NIS2 Proposal Advance Cybersecurity in Europe? https://www.youtube.com/watch?v=vANoxX-SEyc
ORGALIM: Position Paper, 11/06/2021: Digital Transformation: Position Paper on the European Commission’s proposal for a Directive on measures for a high common level of cybersecurity across the European Union (NIS2) https://orgalim.eu/position-papers/digital-transformation-position-paper-european-commissions-proposal-directive
Internet Society: Blog, 15/10/2021: European Union’s Network and Information Security Directive Threatens Internet with Fragmentation and Creates Security Risks https://www.internetsociety.org/blog/2021/10/european-unions-network-and-information-security-directive-threatens-internet-fragmentation-and-creates-security-risks/
CENTR: Blog, 18/10/2021: NIS 2: pay attention or pay the costs https://www.centr.org/news/blog/nis2-costs.html
Euronews: View, 06/11/2021: Why is the European Union trying to break the Internet? | View https://www.euronews.com/2021/11/06/why-is-the-european-union-trying-to-break-the-internet-view
Huawei: Blog, 08/11/2021: NIS 2: EU Reviews Rules for Network and Information System Security https://blog.huawei.com/2021/11/08/nis2-eu-rules-governing-security-networks-information-systems/
European Data Journalism Network: News, 02/12/2021: Brussel’s plan to protect the EU from cyberattacks https://www.europeandatajournalism.eu/eng/News/Data-news/Brussel-s-plan-to-protect-the-EU-from-cyberattacks
Pinsent Masons: Out-Law News, 07/12/2021: EU Council of Ministers agrees position on ‘NIS2’ cyber law https://www.pinsentmasons.com/out-law/news/eu-council-of-ministers-agrees-position-nis2-cyber-law
IAPP: News, 13/05/2022: EU institutions reach provisional agreement on cybersecurity directive https://iapp.org/news/a/eu-institutions-have-provisional-agreement-on-cybersecurity-directive/
EPRS: Briefing, June 2022: The NIS2 Directive: A high common level of cybersecurity in the EU https://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI(2021)689333
EPRS: At a Glance, November 2022: A high common level of cybersecurity – NIS2 https://www.europarl.europa.eu/thinktank/en/document/EPRS_ATA(2022)738184

Subject Categories , ,
Subject Tags ,
Keywords
International Organisations