Translations:Network and Information Security Directive (NIS2-RL)/4/en
Goals | Scope | Content[1] | Synergy | Consequences |
---|---|---|---|---|
Development of cybersecurity capabilities (Recital 1 NIS2) | Annex I (high-criticality sectors) | Obligation for all MS to adopt national cybersecurity strategies (Art 7 NIS2) | Data protection management system | Essential entities: fines of at least EUR 10 million or 2% of global annual turnover |
Achieving a high common level of cybersecurity (Art 1 NIS2) | Annex II (other critical sectors) if thresholds in Art 2(1) of the Annex to Recommendation 2003/361/EC are exceeded | Obligation for MS to define various responsibilities and enforcement duties (Art 31 et seq. NIS2) | Security of processing (Art 32 GDPR) | Important entities: maximum fine of at least EUR 7 million or 1.4% of global annual turnover, whichever is higher |
Mitigating threats in key sectors (Recital 1 NIS2) | To be transposed by MS by 17 October 2024 (not yet done) | Obligations regarding cybersecurity risk management (Art 20 et seq. NIS2) and reporting (Art 23 NIS2) | Confidentiality clauses | Administrative orders and instructions. Suspension of activity also possible (Art 32 NIS2) |
| | | Provisions and obligations on sharing cybersecurity information (Art 29 et seq. NIS2) | | Management bodies can be held personally liable (Art 20 NIS2) |