The latest iteration of the Network and Information Security Directive (NIS2) aims to increase the level of cybersecurity within the EU. It does so, among other things, by covering a wider range of industries, mandating stricter cybersecurity measures (including for supply chains) and creating stricter incident reporting requirements. EU member states have until October 2024 to translate the NIS2 directive into national legislation.
Article 21 measures – NIS2 directive
- Risk analysis and information system security policies.
- Incident handling (prevention, detection, response).
- Business continuity and crisis management.
- Supply chain security.
- Security in network and information systems.
- Cybersecurity risk-management measures.
- Cyber hygiene practices and cybersecurity training.
- The use of cryptography and encryption.
- HR security, access control and asset management.
- The use of multi-factor authentication.