29 November 2022
On 28 November 2022, the Council of the European Union (EU) voted to adopt the Network and Information Systems Directive (EU) 2022/0383 (NIS 2). Seeking to expand, strengthen and harmonise implementation of the EU’s existing cybersecurity framework, NIS 2 forms a key part of the EU’s Cybersecurity Strategy and aligns with the European Commission’s priority to make Europe fit for the digital age.
Approval by the European Parliament took place on 10 November 2022. Formal publication of NIS 2 is expected soon, with Member State implementations of NIS 2 to follow within 21 months. This briefing looks at key changes introduced by NIS 2 and what organisations should be doing now to prepare for them.