The digital world brings benefits, but it has also become a space for cybercrime. Parliament recently passed new laws that strengthen cybersecurity in key sectors across the European Union.
Learn about the major changes.
Strengthening Cyber Security Commitments - SRI Directive 2
The Network and Information Security Directive (SRI or NIS2) introduces new rules to promote a high level of cybersecurity across the European Union - for businesses and countries alike. The legislation also makes it possible to enhance cybersecurity requirements for medium and large entities that operate and provide services in key sectors.
Include more sectors
The new law expands the scope of sectors and activities that are critical to the economy and society, including energy, transportation, banking, healthcare, digital infrastructure, public administration, and space. However, it does not cover national and public security, law enforcement, or the judiciary. The law applies to public administration at the central and regional level, but not to parliaments and central banks.
It also requires more entities and sectors to take cybersecurity risk management measures, including public electronic communication service providers, social media operators, manufacturers of essential products (including medical devices), and postal services.
More stringent obligations for countries
The law sets stricter obligations on the cyber security of EU countries with regard to surveillance. It makes it possible to improve the implementation of these commitments, in particular through the coordination of sanctions among Member States. It also aims to improve cooperation between EU countries, including on large-scale incidents, under the umbrella of the European Union Agency for Cyber Security (ENISA).
The law introduces and coordinates digital operational resilience requirements for the EU financial services sector, obligating companies to ensure that they are able to withstand, respond to and recover from all kinds of disruptions and threats related to ICT.
The new rules apply to all businesses that provide financial services, such as banks, payment providers, electronic money providers, investment firms, crypto-asset service providers, or even third-party ICT providers.