The revised EU directive on the security of network and information systems (NIS2) establishes new responsibilities for the EU cybersecurity agency (ENISA), thus enhancing its role.

ENISA will prepare every other year a report on the state of cybersecurity across the EU. The report aims to provide policy recommendations to address shortcomings and to increase the level of cybersecurity in the EU.

Under the NIS2, member states will have to adopt a national plan for the management of large-scale cybersecurity incidents and crises, including identifying a responsible competent authority (or more than one). The plan will have to outline the objectives and procedures that will be deployed to manage cybersecurity incidents and crises that have a broader effect on the EU.

The NIS2 introduces a peer review mechanism to enhance member states’ cybersecurity capabilities and policies. Experts participating in peer reviews will have to draft reports on the findings of the reviews, including recommendations on how to improve the security aspects covered by the reviews. 

The NIS2 formally establishes the EU-Cyber Crises Liaison Organisation Network (EU-CyCLONe). The EU-CyCLONe will act as an intermediary between the technical and political level during EU-wide cybersecurity incidents.

Cullen International is releasing a series of reports on the different aspects of the newly revised directive on the security of network and information systems (NIS2). Our final of five reports outlines the main requirements at EU level and for EU member states that are set out in NIS2.

See also:
Part 1: Scope
Part 2: Common security risk management and reporting requirements
Part 3: Specific obligations for the telecoms, ICT supply chain and digital sectors
Part 4: Supervision and jurisdiction

For more information and to access our NIS2 report series, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.