The European Union adopted the Network and Information Security Directive, known as the NIS Directive, back in 2016. If you work in IT and cybersecurity or are an operator of an essential service, you will already be familiar with this directive. Now, the European Union is deepening this framework with a new directive on cybersecurity, known as NIS2.
In 2016, the European Union adopted a directive on network and information security, known as the NIS Directive. If you work in IT and cybersecurity, or if you are an operator of an essential service, you will already be familiar with this directive. Its full official title is Directive (EU) 2016/1111 of the European Parliament and of the Council of 7 July 2016 concerning measures to ensure a high common level of security of network and information systems across the Union. Now, the European Union is deepening this framework with a new directive on cybersecurity, known as NIS2.
NIS2 timeframe
The first information on the amendment and extension of NIS was published at the end of 2017, less than two years after the adoption of this directive. Parliament called for attention to be focused on the security of all devices subject to cybersecurity and for measures to be taken to promote a security-by-design approach. In doing so, Parliament called on Member States to speed up the establishment of teams to deal with cybersecurity emergencies, through which businesses and consumers can report malicious emails and websites, as provided for in the NIS Directive.
Subsequently, in its resolution of 12 March 2019, the European Parliament called on the Commission to assess the need to further extend the scope of the NIS Directive to other critical sectors and services not covered by specific sectoral legislation.
Following that resolution, the Commission worked intensively for almost two years on a new NIS2 Directive, which it presented on 16 December 2020.
The Committee adopted its report on October 28, 2021, and at the same time adopted a mandate to start interinstitutional negotiations.
The committee adopted its report on October 28, 2021, and at the same time adopted a mandate to start interinstitutional negotiations. The European Council agreed on its contribution to the approval process on December 3, 2021. Together, the legislators reached a provisional agreement on the text on May 13, 2022. The text now has to be formally adopted by both institutions, with the Parliament voting on it in plenary in the coming months – we expect this vote to take place at the end of 2022. Member States will then have 21 months (instead of the originally proposed 18 months) to transpose the directive into national law. We already know the draft and the main changes that the NIS2 Directive will bring.
We expect the NIS2 Directive to be effective and transposed in the Slovak Republic in 2024.
