On May the 13th 2022, the Council of Europe and the European Parliament agreed on an update to the successful NIS directive, fittingly titled NIS2. The aim is clear, namely to further improve the resilience and incident response capacities of both the public and private sector, as well as of the EU as a whole.

Once adopted, this new NIS2 directive will significantly extend the scope of the original NIS directive, by extending the 7 critical sectors (now called essential entities) listed in the NIS directive to 10 essential entities (adding Public administration, Space and Waste water to the original sectors Energy, Transport, Banking, Financial market infrastructures, Health, Drinking water, Digital infrastructure), and by adding an additional category of 6 important entities facing obligations in NIS2, albeit at a lower scale than critical sector entities. Those important entities include Postal and courier services, Waste management, Manufacture, Production and distribution of chemicals, Food production, processing and distribution, Manufacturing, Digital providers.

Furthermore, one significant and important change is that the identification of essential and important entities is not a national responsibility any more, but NIS2 mandates all entities in the listed sectors are obliged to follow NIS2, except for micro and small entities. This means that going forward, a significantly higher number of companies, including medium-sized companies, will need to follow NIS2 mandated rules.

Sadly, and as evidence supports in the last years and especially in the last months, we have to count on an increase of the frequency and the severity of cyber incidents. Whether we can afford to ignore the reality is an issue that currently many organisations in both the public and private sector prefer to not think about. CS-AWARE has from the start been designed to operate in the environment laid out by NIS. It was our understanding from the beginning that a higher level of shared resilience and cybersecurity can only be achieved by a high level of cooperation and collaboration, which in turn can only be achieved by a broad inclusion of public and private sector organisations. So it has not been a surprise to us at all that NIS2 recognises this fact by broadening the scope to include a significantly higher number of regulated organisations.

The good news is that CS-AWARE is ready for NIS2. We are ready to make your organisation NIS2 compliant, and beyond! Contact us for more information.

The CS-AWARE Team.