Adopted on July 6, 2016, the NIS (Network Infrastructure Security) Directive was transposed by the European Union Member States on May 9, 2018.
This guideline has helped to homogenize the long national security practices of Member States, as well as to strengthen the protection of Operators of Essential Services (OESs) and Digital Service Providers (DSPs) against cyber threats.
In view of the technological developments and the consequences of the health crisis, the European Commission decided to update this NIS Directive by presenting a new proposal on December 16, 2020, "the NIS2 Directive".
In response to the growing threats posed by digitization and the increase of cyberattacks, this proposal aims to replace the NIS Directive and thereby strengthen security requirements, address the issue of supply chain security, streamline reporting obligations, and introduce stricter monitoring measures and enforcement requirements, including harmonized sanctions across the EU. After 17 months of discussions, the NIS2 Directive was agreed in a trialogue on May 13, 2022. The text, provisional at this stage, still needs to be finalized at the technical and linguistic levels before being formally adopted by the EU Council and the European Parliament. However, it already establishes a new scope of business sectors affected by cybersecurity regulations that will improve the resilience of the entire ecosystem. From now on, this ecosystem will be grouped around Essential Entities (EEs) and Important Entities (IE), including public administrations.
This white paper explains the impact of the revised NIS Directive - also known as the NIS2 Directive - on the cybersecurity practices of critical or important European entities and demonstrates how privileged access, endpoint, and identity management solutions can already help them comply