NIS2 Commission implementing regulation

Commission Implementing Regulation (EU) 2024/2690 of 17 October 2024 laying down rules for the application of Directive (EU) 2022/2555 as regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers, managed service providers, managed security service providers, providers of online market places, of online search engines and of social networking services platforms, and trust service providers

The regulation outlines the technical and methodological requirements for DNS service providers, TLD name registries, cloud computing service providers, and other relevant entities like content delivery networks, managed services, online marketplaces, search engines, and social networking platforms. It specifies the measures referred to in NIS2 Article 21(2), focusing on security measures these entities must adopt. Furthermore, it defines when an incident qualifies as significant, establishing the thresholds for reporting and response.