Thu. Mar 28th, 2024

Content Assessment: Stricter Supervisory and Enforcement Measures? European Parliament Adopts New Cybersecurity Law

Information - 92%
Insight - 91%
Relevance - 90%
Objectivity - 90%
Authority - 95%

92%

Excellent

A short percentage-based assessment of the qualitative benefit of post highlighting the European Parliament's adoption of a new cybersecurity law to strengthen EU-wide resilience.

Editor’s Note: The Network and Information Security (NIS) Directive is the first piece of EU-wide legislation on cybersecurity, and its specific aim was to achieve a high common level of cybersecurity across the Member States. While it increased the Member States’ cybersecurity capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market. To respond to the growing threats posed with digitalization and the surge in cyber-attacks, the Commission submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonized sanctions across the EU. Co-legislators reached a provisional agreement on the text of the Network and Information Security 2 proposal on 13 May 2022, and the proposed legislation was adopted by the EU Parliament on 10 November 2022. The adoption announcement and a copy of the Network and Information Security 2 Directive may benefit cybersecurity, information governance, and legal discovery professionals operating in the eDiscovery ecosystem as they consider cybersecurity requirements in the European Union.


Press Announcement*

Cybersecurity: Parliament Adopts New Law to Strengthen EU-Wide Resilience

Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonize their sanctions were approved by MEPs on Thursday.

  • New legislation sets tighter requirements for businesses, administrations, infrastructure
  • Differing national cybersecurity measures make the EU more vulnerable
  • New “essential sectors” covered such as energy, transport, banking, health

The legislation, already agreed between MEPs and the Council in May, will set tighter cybersecurity obligations for risk management, reporting obligations, and information sharing. The requirements cover incident response, supply chain security, encryption, and vulnerability disclosure, among other provisions.

More entities and sectors will have to take measures to protect themselves. “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors will be covered by the new security provisions.

During negotiations, MEPs insisted on the need for clear and precise rules for companies, and pushed for the inclusion of as many governmental and public bodies as possible within the scope of the directive.

The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles, and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation.

It also establishes a framework for better cooperation and information sharing between different authorities and member states and creates a European vulnerability database.

Quote

“Ransomware and other cyber threats have preyed on Europe for far too long. We need to act to make our businesses, governments and society more resilient to hostile cyber operations” said lead MEP Bart Groothuis (Renew, NL).

“This European directive is going to help around 160,000 entities tighten their grip on security and make Europe a safe place to live and work. It will also enable information sharing with the private sector and partners around the world. If we are being attacked on an industrial scale, we need to respond on an industrial scale,” he said.

“This is the best cyber security legislation this continent has yet seen, because it will transform Europe to handling cyber incidents pro-actively and service orientated,” he added.

Next steps

MEPs adopted the text with 577 votes to 6, with 31 abstentions. After Parliament’s approval, Council also has to formally adopt the law before it will be published in the EU’s Official Journal.

Background

The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity, and its specific aim was to achieve a high common level of cybersecurity across the Member States. While it increased the Member States’ cybersecurity capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market.

To respond to the growing threats posed by digitalization and the surge in cyber-attacks, the Commission has submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonized sanctions across the EU.

Read the original announcement.


Complete NIS2 Directive: The Network and Information Security (NIS) Directive (PDF) – Mouseover to Scroll

EPRS - BRI 2021 689333 - EN

Read the original paper.

*Shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.


Additional Reading

Source: ComplexDiscovery

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.