Tuesday, November 29, 2022
No menu items!

Cybersecurity, what will change with the NIS2 Directive in the EU

Must Read

Agreement reached on NIS2 Directive: main changes in legislation and stakeholders.

Among the effects of the conflict between Russia and Ukraine is that of having emphasized the growing importance of the cybersecurity of critical infrastructures. In fact, although these are constantly in the crosshairs of state and non-state actors who exploit cyberspace for intelligence activities or as a means of psychological pressure, the ongoing clash has shown how they can constitute real strategic targets that make it possible to facilitate the activities carried out on traditional terrains.

As highlighted by a recent report published by Microsoft, cyberattacks are providing operational support to the confrontation. On the merits, this report highlights how, since the beginning of the invasion, there have been several actors with interests aligned with those of Moscow who have carried out more than 237 operations against Ukraine. These mostly occurred in conjunction with Russian war operations, although it is unclear whether the coordination was voluntary or not.

In the wake of the numerous attacks that are also affecting Member States of the European Union, this seems to have pushed the foot on the accelerator in terms of cybersecurity. In fact, in April a draft regulation was published aimed at increasing the levels of cyber security of European institutions, bodies and agencies. Furthermore, at the end of last week, the Parliament reached an agreement with the member states on the so-called Nis 2 Directive, containing measures for a common high level of cybersecurity in the Union, which will update that of 2016, which, in a similar way, will its objective was to increase the security levels of the Member States’ networks and information systems.

Looking at the main changes in the legislation and, therefore, at the main obligations that will be imposed on public and private subjects that will be included in its scope, the Nis 2 Directive will apply to medium and large subjects and, compared to its previous one version, will encompass a greater number of sectors deemed critical for the economy and society, including providers of public electronic communications and digital services, wastewater and waste managers, manufacturers of critical products, postal services and shipping companies, as well as central and regional public administrations. Furthermore, the number of subjects operating in the health sector affected by the new legislation will be expanded. For example, medical device manufacturers will be included, especially given the growing threats that emerged during the Covid-19 pandemic.

The broadening of the scope of the new rules, effectively obliging more entities and sectors to adopt new cyber risk management measures, will help to increase the level of cyber security in Europe in the medium and long term. To this end, the Nis 2 Directive will strengthen the cybersecurity requirements imposed on companies, addressing, inter alia, the issue of supply chain security and relationships with suppliers.

In addition, a significant novelty is the introduction of a liability of the top management in the event of non-compliance with the obligations imposed by the legislation and will simplify the reporting obligations of IT incidents.

Ultimately, the objective of the Nis 2 Directive is to harmonize the approach to the matter in the Member States, guaranteeing uniformity also in terms of sanctions. In addition, particular attention will be paid to sharing information on major incidents and cooperation in cyber crisis management both at national and European level.

In our country, the task of supervising the correct application of the legislation by public and private entities will most likely be the responsibility of the newly established National Cybersecurity Agency, which, to date, is, inter alia, the competent national authority and single point of contact. on the security of networks and information systems.


Please enter your comment!
Please enter your name here

Latest News

Santa Clarita shopping center is evacuated after receiving several reports of shots

Authorities received reports of a shooting inside the Westfield Valencia Town Center; investigations determined that an accidental discharge of a...

More Articles Like This