Revisions to NIB2: Measures in Additional Sectors to Increase Cyber Resilience in the EU and the Netherlands
This Wednesday, EU member states and the European Parliament reached an agreement on the NIS2 revisions. The measures deemed necessary to increase cyber resilience in European networks and organisations include better security and a duty to report severe security incidents. Large organisations across a variety of sectors will be required to take measures starting mid-2024.
From this date, the revised NIB2 directive will recognize two categories: essential services and important services. Currently, only providers of services deemed essential are required to report severe incidents, whereas others are not. With this revision, so-called "important" service providers, including those in food production and distribution as well as postal and courier services, will have to do the same. The details of the revised directive are expected to be published later this year, in preparation for ratification into law in mid-2024.
Supervision of essential services will be proactive; for important providers, supervision will take place after signs of an incident become apparent. These parties are smaller in size, meaning disruption of their services will have no severe societal or economic repercussions. Aside from this duty to report incidents, providers that fall under the revised directive must also take measures to increase cybersecurity within their supply chain and to improve their response to cyber threats.