Members' Research Service By / February 22, 2021

The NIS2 Directive: A high common level of cybersecurity in the EU [EU Legislation in Progress]

Cyber-attacks, besides being among the fastest-growing form of crime worldwide, are also growing in scale, cost and sophistication. In 2017, Cybersecurity Ventures forecast that global ransomware damage costs would reach US$20 billion by 2021, 57 times more than the amount in 2015.

The NIS2 Directive: A high common level of cybersecurity in the EU [EU Legislation in Progress]
© tanaonte / Adobe Stock

Written by Mar Negreiro (4th edition, updated on 08.02.2023),

The Network and Information Security (NIS) Directive is the first piece of EU-wide legislation on cybersecurity, and its specific aim was to achieve a high common level of cybersecurity across the Member States. While it increased the Member States’ cybersecurity capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market.

To respond to the growing threats posed with digitalisation and the surge in cyber-attacks, the Commission has submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonised sanctions across the EU. The proposed expansion of the scope covered by NIS2, by effectively obliging more entities and sectors to take measures, would assist in increasing the level of cybersecurity in Europe in the longer term.

Within the European Parliament, the file was assigned to the Committee on Industry, Research and Energy. The committee adopted its report on 28 October 2021, while the Council agreed its position on 3 December 2021. The co-legislators reached a provisional agreement on the text on 13 May 2022. The political agreement was formally adopted by the Parliament and then the Council in November 2022. It entered into force on 16 January 2023, and Member States now have 21 months, until 17 October 2024, to transpose its measures into national law.

Complete version

Proposal for a directive on measures for a high common level of cybersecurity across the Union
Committee responsible: Industry, Research and Energy (ITRE) COM(2020) 823
16.12.2021
Rapporteur: Bart Groothuis (Renew, the Netherlands) 2020/0359(COD)
Shadow rapporteurs: Eva Maydell (EPP, Bulgaria)
Eva Kaili (S&D, Greece)
Thierry Mariani (ID, France)
Rasmus Andresen (Greens/EFA, Germany)
Evžen Tošenovský (ECR, Czechia)
Marisa Matias (The Left, Portugal)		 Ordinary legislative procedure (COD) (Parliament and Council on equal footing – formerly ‘co-decision’)
Next steps expected: Directive (EU) 2022/2555

OJ L 333, 27.12.2022, pp 80-152

Categories: Economic and Social Policies, PUBLICATIONS Tags: , , , , , ,
Members' Research Service

The central task of the Members Research Service is to ensure that all Members of the European Parliament are provided with analysis of, and research on, policy issues relating to the European Union, in order to assist them in their parliamentary work.
Related Articles

The single market at 30 (1993-2023)

Electoral thresholds in European Parliament elections

Minimum age to stand as a candidate in European elections

Voting age for European elections

Mexico: Economic indicators and trade with EU

Outcome of the European Political Community meeting in Bulboaca, Moldova, on 1 June 2023

2023 G7 Summit: Preparing for a new global order?

Plenary round-up – May II 2023

Cross-border exchange of information on road safety-related traffic offences [EU Legislation in Progress]

Ensuring the recovery and resilience of EU small and medium-sized enterprises

New economic governance rules [EU Legislation in Progress]

Latest on Russia’s war on Ukraine [What Think Tanks are thinking]

Comments

Leave a Reply

Download the EPRS App

In focus

We write about

RSS Link to Members’ Research Service

RSS Link

Social Media

Blogroll

Disclaimer and Copyright statement

The content of all documents (and articles) contained in this blog is the sole responsibility of the author and any opinions expressed therein do not necessarily represent the official position of the European Parliament. It is addressed to the Members and staff of the EP for their parliamentary work. Reproduction and translation for non-commercial purposes are authorised, provided the source is acknowledged and the European Parliament is given prior notice and sent a copy.
For a comprehensive description of our cookie and data protection policies, please visit Terms and Conditions page.
Copyright © European Union, 2014-2023. All rights reserved.

%d bloggers like this: