New EU Cybersecurity Proposals: NIS 2 and Cyber Resilience of Critical Entities - Lexology

New EU Cybersecurity Proposals: NIS 2 and Cyber Resilience of Critical Entities - Lexology

On December 16, the European Union released two proposals, one on NIS 2 and the other on cyber resilience of critical entities (read “infrastructures”). We have provided a short summary of what to expect:


  • Significant extension of the entities in scope of the new NIS directive – more sectors covered and no need for Member States’ designation of targeted entities. New terminology; essential versus important entities. Similar trend under the Critical Infrastructure directive.

  • New requirements for supply chain management, new incident preparation and reporting requirements (24 hours timeframe to report to authorities and news communication requirements to affected users of the services).

  • Extraterritorial reach and higher fines for non-compliance across the EU Member States (10 mio or 2% of worldwide turnover).

  • New framework for threat information sharing (including new governance principles).



  • Support the originator by clicking the read the rest link below.