European Union Agrees New Cyber Security Legislation

Uploaded on 2022-05-23 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The European Union (EU) has reached political agreement on new legislation that will impose common cyber security standards on critical EU industry organisations. 

The revised directive, called "NIS 2 Directive  (short for Network and Information Systems), is expected to replace the current legislation on cyber security that was established in July 2016.

The new directive falls into the EU’s existing rules on the security of network and information systems (NIS Directive) and will replace much of the current guidance. The EU stated that the laws require updating due to the increasing level of digitalisation and interconnectedness in 2022, as well as the rising level of malicious cyber activity.

The NIS 2 Directive will apply to medium and large organisations that operate in critical sectors, including digital services, waste management, manufacturing, postal services, healthcare, and public administrations. Some of the new requirements include flagging cyber security incidents to the authorities within 24 hours, patching software vulnerabilities, and preparing risk management procedures in the event of a cyber attack. 

In addition to boosting security, stricter enforcement requirements will harmonise sanctions across member states. The measures were originally proposed by the EU Commission in 2020.

Among the provisions in the new legislation are flagging cyber security incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks, failing which can incur monetary penalties.

The announcement follows several significant initiatives taken by government bodies regarding cyber security. These include US President Biden’s Executive Order last year mandating zero trust requirements on federal agencies, new legislation in the US imposing reporting obligations on critical infrastructure organisations and the British Product Security and Telecommunications Infrastructure  Bill, which will place new cyber security standards on manufacturers, importers and distributors of internet-connectable devices.

Last year, the EU set out plans to create a Joint Cyber Unit to improve the ability to respond to rising cyber attacks on member states.

Commenting on the announcement, Margrethe Vestager, executive vice-president for a Europe Fit for the Digital Age, said: “We have been working hard for digital transformation of our society. In the past months, we have put a number of building blocks in place, such as the Digital Markets Act and the Digital Services Act... Today, Member States and the European Parliament have also secured an agreement on NIS 2. This is another important breakthrough of our European digital strategy, this time to ensure that citizens and businesses are protected and trust essential services.”

European Union:    EU Commission:   Competition Policy Int'l:   Oodaloop

 Infosecurity Magazine:   Hacker News

You Might Also Read:  

European Union Has Rules On Illegal Online Content:
 

« CISA Detect Vulnerabilities In VMWare Products
Clearview Pays £7.5m For Illegally Storing Facial Images »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Zurich

Zurich

Zurich is a leading multi-line insurer providing a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories.

Logically Secure

Logically Secure

Logically Secure provide penetration testing and security assessment services.

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

Sift

Sift

The Sift Digital Trust Platform protects your business and customers from all vectors of fraud and abuse through our Live Machine Learning, global trust network and automation technologies.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub is a non-profit network organization focused on cooperation, information sharing, research and implementation of cutting-edge technologies in cybersecurity.

Kratos Defense & Security Solutions

Kratos Defense & Security Solutions

The Kratos Space, Training, and Cybersecurity division addresses key cybersecurity challenges, including cloud security, continuous monitoring, IT security, and risk management.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

ADVA Optical Networking

ADVA Optical Networking

ADVA is a company founded on innovation and focused on helping our customers succeed. Our technology forms the building blocks of a shared digital future and empowers networks across the globe.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

EPIQ Infotech

EPIQ Infotech

EPIQ Infotech is a trusted consulting and implementation partner for Oracle JD Edwards and Amazon Web Services (AWS).

SIGLA Group

SIGLA Group

SIGLA Group specialize in the design and development of IT and OT solutions, from analysis to design, from implementation to commissioning, as well as consultancy, training and assistance.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

Mitra Informatics Integration (MII)

Mitra Informatics Integration (MII)

Mitra Informatics Integration is the information communication technology solution business of the Metrodata Group.