The Council of the European Union ('the Council') announced, on 13 May 2022, that it had reached a provisional agreement with the European Parliament ('the Parliament') on the proposal for a revised Directive on Security of Network and Information Systems ('NIS2'). In particular, the Council confirmed that it had agreed on measures for a high common level of cybersecurity across the EU, to further improve the resilience and incident response capacities of both the public and private sectors, as well as the EU as a whole. Specifically, the Council noted that NIS2 will set the baseline for cybersecurity risk management measures and reporting obligations across all sectors that are covered by N
News
EU: Council announces provisional agreement with Parliament on NIS2 Directive
May 13, 2022
Summary
The Council of the European Union announced a provisional agreement with the European Parliament on the NIS2 Directive, aiming to establish a high common level of cybersecurity across the EU. NIS2 will standardize cybersecurity risk management and reporting obligations in critical sectors like energy, transport, health, and digital infrastructure. It seeks to harmonize cybersecurity requirements across Member States, set minimum rules for a regulatory framework, and ensure effective cooperation among national authorities. The directive also updates the list of sectors subject to cybersecurity obligations and includes enforcement mechanisms through remedies and sanctions. The agreement aligns with sector-specific legislation such as DORA and CER and awaits final approval by the Council and the Parliament.