Sun. Nov 27th, 2022
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    he flag
    ja flag
    lv flag
    pl flag
    pt flag
    es flag
    uk flag

    Content Assessment: Stricter Supervisory and Enforcement Measures? European Parliament Adopts New Cybersecurity Law

    Information - 92%
    Insight - 91%
    Relevance - 90%
    Objectivity - 90%
    Authority - 95%

    92%

    Excellent

    A short percentage-based assessment of the qualitative benefit of post highlighting the European Parliament's adoption of a new cybersecurity law to strengthen EU-wide resilience.

    Editor’s Note: The Network and Information Security (NIS) Directive is the first piece of EU-wide legislation on cybersecurity, and its specific aim was to achieve a high common level of cybersecurity across the Member States. While it increased the Member States’ cybersecurity capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market. To respond to the growing threats posed with digitalization and the surge in cyber-attacks, the Commission submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonized sanctions across the EU. Co-legislators reached a provisional agreement on the text of the Network and Information Security 2 proposal on 13 May 2022, and the proposed legislation was adopted by the EU Parliament on 10 November 2022. The adoption announcement and a copy of the Network and Information Security 2 Directive may benefit cybersecurity, information governance, and legal discovery professionals operating in the eDiscovery ecosystem as they consider cybersecurity requirements in the European Union.


    Press Announcement*

    Cybersecurity: Parliament Adopts New Law to Strengthen EU-Wide Resilience

    Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonize their sanctions were approved by MEPs on Thursday.

    • New legislation sets tighter requirements for businesses, administrations, infrastructure
    • Differing national cybersecurity measures make the EU more vulnerable
    • New “essential sectors” covered such as energy, transport, banking, health

    The legislation, already agreed between MEPs and the Council in May, will set tighter cybersecurity obligations for risk management, reporting obligations, and information sharing. The requirements cover incident response, supply chain security, encryption, and vulnerability disclosure, among other provisions.

    More entities and sectors will have to take measures to protect themselves. “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors will be covered by the new security provisions.

    During negotiations, MEPs insisted on the need for clear and precise rules for companies, and pushed for the inclusion of as many governmental and public bodies as possible within the scope of the directive.

    The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles, and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation.

    It also establishes a framework for better cooperation and information sharing between different authorities and member states and creates a European vulnerability database.

    Quote

    “Ransomware and other cyber threats have preyed on Europe for far too long. We need to act to make our businesses, governments and society more resilient to hostile cyber operations” said lead MEP Bart Groothuis (Renew, NL).

    “This European directive is going to help around 160,000 entities tighten their grip on security and make Europe a safe place to live and work. It will also enable information sharing with the private sector and partners around the world. If we are being attacked on an industrial scale, we need to respond on an industrial scale,” he said.

    “This is the best cyber security legislation this continent has yet seen, because it will transform Europe to handling cyber incidents pro-actively and service orientated,” he added.

    Next steps

    MEPs adopted the text with 577 votes to 6, with 31 abstentions. After Parliament’s approval, Council also has to formally adopt the law before it will be published in the EU’s Official Journal.

    Background

    The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity, and its specific aim was to achieve a high common level of cybersecurity across the Member States. While it increased the Member States’ cybersecurity capabilities, its implementation proved difficult, resulting in fragmentation at different levels across the internal market.

    To respond to the growing threats posed by digitalization and the surge in cyber-attacks, the Commission has submitted a proposal to replace the NIS Directive and thereby strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements, including harmonized sanctions across the EU.

    Read the original announcement.


    Complete NIS2 Directive: The Network and Information Security (NIS) Directive (PDF) – Mouseover to Scroll

    EPRS - BRI 2021 689333 - EN

    Read the original paper.

    *Shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.


    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.

    Stricter Supervisory and Enforcement Measures? European Parliament Adopts New Cybersecurity Law

    According to European Member of Parliament (MEP) Bart Groothuis, “Ransomware and...

    Geopolitical Shakedowns? The Annual ENISA Threat Landscape Report – 10th Edition

    According to EU Agency for Cybersecurity Executive Director Juhan Lepassaar, “Today's...

    Cryptographically Secure? The Threat of Side-Channel Analysis

    Side-channel analysis has become a widely recognized threat in the last...

    Red Storm Rising? Data Breaches Rise Globally in Q3 2022

    “It’s concerning to see data breaches rising again after a comparatively...

    A Magnet for Revenue? Magnet Forensics Announces 2022 Third Quarter Results

    According to Adam Belsher, Magnet Forensics' CEO, "Our solutions address the...

    Progress and Opportunity? Cellebrite Announces Third Quarter 2022 Results

    “We are pleased to report a solid third quarter, delivering strong...

    Changing of the Guard? Relativity Welcomes New CEO

    "Relativity is a rare company with both exceptional industry leadership and...

    Fueling Continued Growth? Renovus Capital Acquires Advisory Business from HBR Consulting

    "The legal industry remains in the early stages of digital and...

    An eDiscovery Market Size Mashup: 2022-2027 Worldwide Software and Services Overview

    From retraction to resurgence and acceleration, the worldwide market for eDiscovery...

    On the Move? 2022 eDiscovery Market Kinetics: Five Areas of Interest

    Recently ComplexDiscovery was provided an opportunity to share with the eDiscovery...

    Trusting the Process? 2021 eDiscovery Processing Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    The Year in Review? 2021 eDiscovery Review Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    Five Great Reads on Cyber, Data, and Legal Discovery for November 2022

    From cyber shakedowns and threats to the total cost of eDiscovery...

    Five Great Reads on Cyber, Data, and Legal Discovery for October 2022

    From cyber claims and data privacy to corporate litigation and the...

    Five Great Reads on Cyber, Data, and Legal Discovery for September 2022

    From privacy legislation and special masters to acquisitions and investigations, the...

    Five Great Reads on Cyber, Data, and Legal Discovery for August 2022

    From AI and Big Data challenges to intriguing financial and investment...

    In The House? The Fall 2022 eDiscovery Total Cost of Ownership Survey – Final Results

    Today CompexDiscovery shares the results of a new business survey focused...

    Cold Front Concerns? Eighteen Observations on eDiscovery Business Confidence in the Fall of 2022

    In the fall of 2022, 49.0% of survey respondents felt that...

    Stereotyping Data? Issues Impacting eDiscovery Business Performance: A Fall 2022 Overview

    In the fall of 2022, 28.0% of respondents viewed increasing types...

    Bubble Trouble? eDiscovery Operational Metrics in the Fall of 2022

    In the fall of 2022, 89 eDiscovery Business Confidence Survey participants...

    Digging Out and Digging In? Ukraine Conflict Assessments in Maps (November 14-20, 2022)

    According to a recent update from the Institute for the Study...

    A Liberating Momentum? Ukraine Conflict Assessments in Maps (November 7-13, 2022)

    According to a recent update from the Institute for the Study...

    Rhetoric or Reality? Ukraine Conflict Assessments in Maps (November 1-6, 2022)

    According to a recent update from the Institute for the Study...

    Targeting Infrastructure? Ukraine Conflict Assessments in Maps (October 27 – 31, 2022)

    According to a recent update from the Institute for the Study...