EU Cybersecurity Directive NIS 2 Faces Delays in Adoption Amid Slow Implementation by Member States

EU Cybersecurity Label for Cloud Services Faces Delay Amid Debate Over Big Tech Participation

Key Points

  • NIS 2 Directive officially became enforceable, but many EU member states have not yet adopted it into national law.
  • The directive imposes stricter cybersecurity requirements, including reporting cyber breaches within 24 hours of discovery and vendor risk assessments.
  • Fines for non-compliance can reach up to 10 million euros or 2% of global revenue for essential entities.
  • Companies are advised to focus on common cybersecurity practices to meet compliance despite variations in local laws.

The European Union’s new NIS 2 directive, aimed at strengthening cybersecurity measures across essential sectors, has faced a slow start due to delayed adoption by many member states. This directive officially became enforceable on Thursday and requires businesses to implement stricter cybersecurity systems, risk management, and incident reporting measures. However, most EU countries have yet to incorporate the directive into their national laws, raising concerns about uneven enforcement.

The NIS 2 directive is a significant update to the EU’s original Network and Information Security Directive (NIS), which was first introduced to improve the security of IT systems and networks. The updated version, proposed in 2020, expands the scope to address newer cybersecurity challenges and includes tougher requirements for companies that provide essential services like banking, healthcare, energy, and transport.

Under NIS 2, businesses must report cyber breaches within 24 hours of discovery—compared to the 72-hour window stipulated by the EU’s General Data Protection Regulation (GDPR). Companies must also assess their technology vendors for vulnerabilities and share information on cyber threats with other organizations. This directive places a “duty of care” on businesses to be transparent about cyber vulnerabilities and hacks, even if it means admitting they were victims of a breach.

Despite the directive’s importance, research from the DNS Research Federation shows that countries like Portugal and Bulgaria have not started the transposition process, leading to potential enforcement gaps. Tim Wright, a partner at law firm Fladgate, emphasized that inconsistent implementation across the bloc could create opportunities for cybercriminals to exploit weaker member states.

The consequences for businesses failing to comply are severe. Essential entities, including finance and transport companies, face fines of up to 10 million euros or 2% of global annual revenue. In comparison, important entities like food or chemical firms could be fined up to 7 million euros or 1.4% of annual revenue. Firms not meeting compliance standards could also face service suspension and closer supervision.

Experts warn that while the regulations are comprehensive, their effectiveness depends on uniform enforcement across the EU. Chris Gow, Cisco’s EU public policy lead, noted that discrepancies in local adaptations of NIS 2 could complicate compliance for smaller companies. He advised organizations to focus on common cybersecurity practices that can be scaled to meet the directive’s requirements.

EDITORIAL TEAM
EDITORIAL TEAM
TechGolly editorial team led by Al Mahmud Al Mamun. He worked as an Editor-in-Chief at a world-leading professional research Magazine. Rasel Hossain and Enamul Kabir are supporting as Managing Editor. Our team is intercorporate with technologists, researchers, and technology writers. We have substantial knowledge and background in Information Technology (IT), Artificial Intelligence (AI), and Embedded Technology.

Read More

We are highly passionate and dedicated to delivering our readers the latest information and insights into technology innovation and trends. Our mission is to help understand industry professionals and enthusiasts about the complexities of technology and the latest advancements.

Visits Count

Last month: 86272
This month: 64929 🟢Running

Company

Contact Us

Follow Us

TECHNOLOGY ARTICLES

SERVICES

COMPANY

CONTACT US

FOLLOW US