The remaining 25 countries have until 17 October, to implement the Network and Information Security Directive 2 (NIS2), which was approved back in 2022 with the aim to protect critical entities, such as energy, transport, banking, water and digital infrastructures, against major cyber incidents.
Euronews reported in March that Croatia was the first, and only country, to have notified the Commission about their partial transposition. The status of the country remains the same.
Fines up to €10 million
The Commission proposed the overhaul of NIS1 – aimed at beefing up the resilience of network and information systems across Europe against cybersecurity risks – with the aim to keep up with increased digitisation and an evolving cybersecurity threat landscape.
According to a spokesperson for the EU executive, the first directive presented in 2016 failed until now to improve cyber resilience of businesses operating in the EU, and did not promote joint crisis response.
Companies need to issue a warning within 24 hours and deliver an incident report within 72 hours in case of incidents that cause serious operational disruptions.
In case of non-compliance, companies face fines up to €10 million, or 2% of worldwide revenue, whichever is higher.
Companies lack awareness
The French joint parliamentary committee for digital and postal affairs said in a report published last Thursday that while NIS 1 concerned nearly 600 entities, NIS2 will change the scale to nearly 15,000 entities in scope.
The committee consulted stakeholders including the national cybersecurity office, software producers and cloud associations between March and May, and concluded that the transposition deadline “raises a number of challenges” for companies that are now within the scope.
“The majority of the new entities concerned are not aware of the measures and the criteria that they will have to analyse themselves to determine their compliance,” it said.
It adds that “the bill has still not been presented to the Council of Ministers, and with the date of 17 October 2024 approaching, its future is uncertain.”
In Germany, too, the plan for the adoption of the implementing law is foreseen in early 2025.
Source link : https://www.euronews.com/next/2024/10/09/only-belgium-croatia-adopt-eu-cyber-rules-for-critical-sectors-week-before-deadline
Author :
Publish date : 2024-10-09 08:54:18
Copyright for syndicated content belongs to the linked Source.
