What is the NIS2 Directive?
The European Union’s Network and Information Security (NIS2) Directive replaces the NIS Directive 2016 and aims to ensure a “high common level of cybersecurity across the EU’s Member States” by further strengthening cyber security requirements in critical infrastructure, and those industries and organisations that are indispensable for the functioning of the economy.
NIS2 was ratified on 16 January 2023, and each of the EU’s member states must adopt and publish the measures necessary to comply with the directive by 17 October 2024, with those measures taking effect on 18 October 2024. The EU law will not be implemented in the UK, but it’s expected that an expansion of the UK NIS Directive will include similar requirements to NIS2. UK businesses that operate within the EU will have to comply with NIS2 to ensure they can show consistent levels of cyber security standards.