NIS2 Directive: EU co-legislators reach a provisional agreement

Published

Jun 08 2022

Written By

I'm a technology, copyright, AI, cyber security and data protection lawyer. My ambition is to provide the best and most suitable advice to clients and, in particular, to guide them through their technology transactions, IT and data in a pragmatic, solution-driven and innovative manner.

Dr. Natallia Karniyevich

Associate
Germany

I am a seasoned attorney situated at the Bird & Bird Düsseldorf office, with a specialisation in cybersecurity and data protection law, and a co-head of the Bird & Bird International Cybersecurity Steering Group.

Feyo Sickinghe

Of Counsel
Netherlands

I am a Principal Regulatory Counsel in our Regulatory & Public Affairs practice in the Netherlands and Brussels. I have a focus on tech and comms and digital markets regulation, drawing on in-depth business knowledge and extensive experience in TMT and public administration.

On 13 May 2022, the European Parliament and EU Member States reached a provisional agreement on the NIS2 Directive. This act will repeal the current NIS Directive, amending the rules on the security of network and information systems.

The new rules will be of relevance both for the entities directly falling under the new Directive (in conjunction with its future local implementation) as well as, though itself not in scope, dealing with the organisations covered by the NIS2 Directive.

Once formally approved by the co-legislators and published in the Official Journal, the NIS2 Directive will enter into force 20 days after publication. Member States will then have 21 months to transpose the Directive into national law. In Germany, for example, following the IT Security Act 2.0, the legislator will have to deal with an IT Security Act 3.0.

Our article describes the key takeaways of the provisional agreement and highlights the current points for action.

Click here to read our full article