What happened
As of October 18, 2024, the NIS 2 Directive officially comes into effect, marking a significant update to EU cybersecurity regulations.
This new directive expands on its predecessor, the original NIS Directive (from 2016), by strengthening the security requirements for critical infrastructure and digital services across Europe. It introduces stricter requirements, covers more sectors, and expands its scope to include additional industries such as cloud service providers, online platforms, and public electronic communications services.
Key goals of the directive include improving incident response, enhancing risk management, and fostering collaboration between EU Member States to tackle cyber threats more effectively.
Non-EU companies providing services within the EU are now required to appoint an EU-based representative if they fall under the directive’s scope. Non-compliance with NIS 2 could result in hefty fines and administrative actions.