Scribd
Upload
17 views2 pages

Factsheet NIS Infrastructure 20230113 UuxADzZKm9pofwUb8XDo2I6o0Y 72155

Uploaded by

frankchow.hph
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
17 views2 pages

Factsheet NIS Infrastructure 20230113 UuxADzZKm9pofwUb8XDo2I6o0Y 72155

Uploaded by

frankchow.hph
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

HITTING THE REFRESH BUTTON

ON CYBERSECURITY RULES
NIS2: DIRECTIVE ON MEASURES
FOR A HIGH COMMON LEVEL OF
CYBERSECURITY ACROSS THE UNION

16 January 2023
#DigitalEU

The first EU-wide law on cybersecurity , the NIS Directive, came into force in
2016 and helped achieve a higher and more even level of security of network and information systems across
the EU. In view of the unprecedented digitalisation, new rules now ensure stronger cybersecurity.

How?
NIS NIS 2
Greater capabilities
EU Member States More stringent supervision measures and A list of administrative sanctions, including fines for
improve their enforcement are introduced. breach of the cybersecurity risk management and
cybersecurity reporting obligations is established.
capabilities.

Cooperation
Increased EU-level Establishment of European Cyber crises liaison Increased information Coordinated vulnerability
cooperation. organisation network (EU- CyCLONe) to support sharing and cooperation disclosure for newly
coordinated management of large scale between Member State discovered vulnerabilities
cybersecurity incidents and crises at EU level authorities with enhanced across the EU is
role of the Cooperation established.
Group.

Cybersecurity risk management


Operators of Essential Strengthened security requirements with Cybersecurity Accountability Streamlined
Services (OES) a list of focused measures including incident of supply of the company incident reporting
and Digital Service handling and crisis management, vulnerability chain for key management for obligations with
Providers (DSP) handling and disclosure, policies and procedures information and compliance with more precise
have to adopt risk to assess the effectiveness of cybersecurity communication cybersecurity provisions on
management practices risk management measures, basic computer technologies risk-management the reporting
and notify significant hygiene practices and cybersecurity training, will be measures. process, content
incidents to their the effective use of cryptography, and human strengthened. and timeline.
national authorities. resource security, access control policies and
asset management.
SECTORS COVERED BY THE NIS DIRECTIVE
NIS

BANKING AND FINANCIAL


HEALTHCARE TRANSPORT MARKET INFRASTRUCTURE

DIGITAL INFRASTRUCTURE WATER SUPPLY ENERGY

DIGITAL SERVICE
PROVIDERS

NIS 2
Expanded scope to include more sectors and services as either essential or important entities.

PROVIDERS OF PUBLIC DIGITAL SERVICES SUCH AS SOCIAL


ELECTRONIC COMMUNICATIONS NETWORKING SERVICES PLATFORMS
NETWORKS OR SERVICES AND DATA CENTRE SERVICES

WASTE WATER AND WASTE MANAGEMENT SPACE

MANUFACTURING OF CERTAIN CRITICAL


PRODUCTS (SUCH AS PHARMACEUTICALS, POSTAL AND COURIER SERVICES
MEDICAL DEVICES, CHEMICALS)

FOOD PUBLIC ADMINISTRATION

© European Union, 2023


Updated 2023-01-13

Reuse is authorised provided the source is acknowledged. The reuse policy of European Commission documents is regulated by Decision 2011/833/EU (OJ L 330,
14.12.2011, p. 39). For any use or reproduction of elements that are not owned by the European Union, permission may need to be sought directly from the respective
rightholders. All images © Getty Images Plus / iStock / DigitalVision Vectors

PDF ISBN 978-92-76-27602-9 doi: 10.2759/0630 KK-02-20-102-EN-N


BOOK ISBN 978-92-76-27603-6 doi:10.2759/7745526 KK-02-20-102-EN-C

You might also like