EU Finalizes Tighter Cybersecurity Law
EU governments approved stronger cybersecurity rules Monday. Once the revised network and information security directive (NIS2) takes effect, EU members will have 21 months to enact it into national law, the European Council said. NIS2 will "set the baseline for…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
cybersecurity risk management measures and reporting obligations across all sectors that are covered by the directive, such as energy, transport, health and digital infrastructure." It will apply to providers of public electronic communications services, digital services and domain name system services (see 2103220038). It will harmonize cybersecurity requirements and the way they're implemented in different countries. Under the original directive, it was up to governments to determine which entities met the criteria to qualify as essential services subject to the rules, but NIS2 introduces a size-cap rule. It also adds additional provisions "to ensure proportionality, a higher level of risk management and clear-cut criticality criteria" to allow national authorities to determine if other entities should be covered. NIS2 won backing from the European Parliament Nov. 10.