European Union Agrees New Cyber Security Legislation
The European Union (EU) has reached political agreement on new legislation that will impose common cyber security standards on critical EU industry organisations.
The revised directive, called "NIS 2 Directive (short for Network and Information Systems), is expected to replace the current legislation on cyber security that was established in July 2016.
The new directive falls into the EU’s existing rules on the security of network and information systems (NIS Directive) and will replace much of the current guidance. The EU stated that the laws require updating due to the increasing level of digitalisation and interconnectedness in 2022, as well as the rising level of malicious cyber activity.
The NIS 2 Directive will apply to medium and large organisations that operate in critical sectors, including digital services, waste management, manufacturing, postal services, healthcare, and public administrations. Some of the new requirements include flagging cyber security incidents to the authorities within 24 hours, patching software vulnerabilities, and preparing risk management procedures in the event of a cyber attack.
In addition to boosting security, stricter enforcement requirements will harmonise sanctions across member states. The measures were originally proposed by the EU Commission in 2020.
Among the provisions in the new legislation are flagging cyber security incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks, failing which can incur monetary penalties.
The announcement follows several significant initiatives taken by government bodies regarding cyber security. These include US President Biden’s Executive Order last year mandating zero trust requirements on federal agencies, new legislation in the US imposing reporting obligations on critical infrastructure organisations and the British Product Security and Telecommunications Infrastructure Bill, which will place new cyber security standards on manufacturers, importers and distributors of internet-connectable devices.
Last year, the EU set out plans to create a Joint Cyber Unit to improve the ability to respond to rising cyber attacks on member states.
Commenting on the announcement, Margrethe Vestager, executive vice-president for a Europe Fit for the Digital Age, said: “We have been working hard for digital transformation of our society. In the past months, we have put a number of building blocks in place, such as the Digital Markets Act and the Digital Services Act... Today, Member States and the European Parliament have also secured an agreement on NIS 2. This is another important breakthrough of our European digital strategy, this time to ensure that citizens and businesses are protected and trust essential services.”
European Union: EU Commission: Competition Policy Int'l: Oodaloop:
Infosecurity Magazine: Hacker News:
You Might Also Read: