Members' Research Service By / February 22, 2021

The NIS2 Directive: A high common level of cybersecurity in the EU [EU Legislation in Progress]

Cyber-attacks, besides being among the fastest-growing form of crime worldwide, are also growing in scale, cost and sophistication. In 2017, Cybersecurity Ventures forecast that global ransomware damage costs would reach US$20 billion by 2021, 57 times more than the amount in 2015.

© tanaonte / Adobe Stock

Written by Mar Negreiro (2nd edition, updated on 1.12.2021),

The Network and Information Security (NIS) Directive is the first piece of EU-wide legislation on cybersecurity, and its specific aim was to achieve a high common level of cybersecurity across the Member States. While it increased the Member States’ cybersecurity capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market.

To respond to the growing threats posed with digitalisation and the surge in cyber-attacks, the Commission has submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonised sanctions across the EU. The proposed expansion of the scope covered by the NIS2, by effectively obliging more entities and sectors to take measures, would assist in increasing the level of cybersecurity in Europe in the longer term.

Within the European Parliament, the file has been assigned to the Committee on Industry, Research and Energy. The committee adopted its report on 28 October 2021, as well as a mandate to enter into interinstitutional negotiations.

Complete version

Proposal for a directive on measures for a high common level of cybersecurity across the Union
Committee responsible: Industry, Research and Energy (ITRE) COM(2020) 823
Rapporteur: Bart Groothuis (Renew, the Netherlands) 2020/0359(COD)
Shadow rapporteurs: Eva Maydell (EPP, Bulgaria)
Eva Kaili (S&D, Greece)
Thierry Mariani (ID, France)
Rasmus Andresen (Greens/EFA, Germany)
Evžen Tošenovský (ECR, Czechia)
Marisa Matias (The Left, Portugal)
Ordinary legislative procedure (COD) (Parliament and Council on equal footing – formerly ‘co-decision’)
Next steps expected: Trilogue negotiations


Related Articles

Leave a Reply

%d bloggers like this: