The rise in the volume of cyber incidents, the war in Ukraine, and the recent pandemic, has increased focus on the risks for medical device manufacturers and healthcare providers inherent in the data they collect and hold, including the risks posed by the ongoing threat of cyber-attacks. This is where the NIS2 Directive and the CER Directive come in.
In this article we will consider the Network and Information Systems Directive (EU) 2022/0383 (“NIS2”) and the Directive on the Resilience of Critical Entities (EU) 2022/2557 (“CER Directive”) and the impact that they will have on medical device manufacturers and healthcare providers.