NIS2 Directive: New Cyber Security Rules in the EU
The European Commission's NIS2 Directive, aimed at harmonizing cybersecurity regulations across EU member states, entered into force on January 16, 2023. Key elements of the NIS2 Directive include broader application to additional industries, a list of security measures, initial notification obligations within 24 hours of significant cyber threats, strengthened supply chain cybersecurity, coordinated risk assessments, and stricter enforcement with fines up to €10 million or 2% of total global annual turnover. Member states must incorporate the NIS2 Directive provisions into their national laws by October 17, 2024.