New Network and Information Security Directive NIS2

Help your organisation to comply with the European Union’s NIS2 directive with Thales.

In 2016, the European Commission proposed the EU Network and Information Security (NIS) directive. The NIS directive was the first piece of EU-wide cybersecurity legislation. The goal was to enhance cybersecurity across the European Union. The NIS directive was adopted in 2016 and subsequently, since it was an EU directive, every EU member state had to adopt a national legislation, which followed or transposed the directive. However while contributing to improving cybersecurity, the 2016 NIS directive relied heavily on the discretion of individual member states, and lacked the accountability required.

On May 13th 2022, in order to respond to the growing threats posed by increasing digitalisation and the surge in cyber-attacks, the European Commission announced plans to replace the NIS Directive in order to strengthen security requirements and cyber resilience, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonised sanctions across the European Union. The expansion of the scope covered by NIS2, by effectively obliging more entities and sectors to take measures, would assist in increasing the level of cybersecurity in Europe in the longer term. Before becoming effective in June 2024, the agreement has to be approved by the European Parliament and the Council.