NIS2 will be heading our way. Let’s see if it improves the security of critical infrastructure, it certainly needs it…:
TALLINN – The government on Thursday gave its nod to the official position of Estonia in favor of a planned directive of the European Union which aims to ensure an even and higher level of cybersecurity of network and information systems across the EU.
“The first union-wide legislative act concerning the security of network and information systems, meaning the NIS directive, was adopted in 2016, and it had to ensure an evenly high level of security in the entire EU,” Estonia’s Minister of Entrepreneurship and IT Andres Sutt said in a press release on Thursday
The minister observed that even though cyber capabilities have evened out across the EU, cyber threats have become more diverse and countries’ dependence on digital solutions has increased significantly.
“To keep pace with changing cyber risks and resolve new challenges, we must review, in addition to national regulations, also bottlenecks in the current EU legislation and update it,” Sutt said.
The proposal for the new directive, NIS2, covers more sectors and units compared with the current directive, seeks to harmonize the application of requirements to large and medium-sized enterprises, steps up security requirements, adds the obligation to notify significant cyber threats, specifies rules for the notification of a cyber incident, and addresses the security of supply chains.