Below is the list of key requirements outlined in the Directive (EU) 2022/2555, along with references to the originating article items from the directive text:
National Cybersecurity Strategies:
Member States must adopt national cybersecurity strategies and designate competent authorities, cyber crisis management authorities, single points of contact, and CSIRTs. (Article 1(2)(a))
Cybersecurity Risk-Management Measures:
Entities must implement cybersecurity risk-management measures and comply with reporting obligations. (Article 1(2)(b))
Information Sharing:
Rules and obligations on cybersecurity information sharing are established. (Article 1(2)(c))
Supervisory and Enforcement Obligations:
Member States are required to enforce supervisory and enforcement obligations. (Article 1(2)(d))
Scope of the Directive:
The Directive applies to various public or private entities, including those providing essential services and digital services. (Article 2)
Incident Response:
Entities must process personal data necessary for the purposes of this Directive in accordance with GDPR. (Article 14)
Essential and Important Entities:
Definitions and criteria for identifying essential and important entities are provided. (Article 3)
Sector-Specific Legal Acts:
Provisions where sector-specific Union legal acts intersect with this Directive. (Article 4)
Minimum Harmonisation:
Member States may adopt provisions ensuring a higher level of cybersecurity. (Article 5)
Definitions:
Definitions of terms used within the Directive, such as "network and information system" and "cybersecurity". (Article 6)
National Cybersecurity Strategy Details:
Details on what should be included in national cybersecurity strategies. (Article 7)
Vulnerability Management:
Policies for managing vulnerabilities, including promoting coordinated vulnerability disclosure. (Article 7(2)(c))
Cybersecurity Certification and Encryption:
Policies on cybersecurity-related requirements for ICT products and services in public procurement. (Article 7(2)(b))
Incident Handling and Reporting:
Entities must handle and report incidents according to specified procedures. (Various Articles)
Protection of Information:
Obligations to protect information and ensure confidentiality during information exchange. (Article 13)
peppelinux changed the title from "NIS2" to "NIS2 (Directive (EU) 2022/2555) Key Requirements" on Jun 19, 2024