EU announces provisional cybersecurity directive
The European Parliament announced a “provisional agreement” with the aim of bolstering cybersecurity and resilience of both public and private sector entities in the European Union.
It’s expected that the revised directive, dubbed “NIS2” (short for network and information systems), will take the place of pre-existing legislation originally established in 2016.
The revision puts in place ground rules that require companies in energy, transport, financial markets, health, and digital infrastructure sectors to abide by management measures and reporting obligations.
The new legislation includes provisions such as flagging cybersecurity incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks. Failure to adhere to these rules will result in fines.