Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Directive on Measures for a High Common Level of Cybersecurity Across the Union
- Recitals
CHAPTER I
GENERAL PROVISIONSArticles 1 — 6
CHAPTER II
COORDINATED CYBERSECURITY FRAMEWORKSArticles 7 — 13
CHAPTER III
COOPERATION AT UNION AND INTERNATIONAL LEVELArticles 14 — 19
CHAPTER IV
CYBERSECURITY RISK-MANAGEMENT MEASURES AND REPORTING OBLIGATIONSArticles 20 — 25
CHAPTER V
JURISDICTION AND REGISTRATIONArticles 26 — 28
CHAPTER VI
INFORMATION SHARINGArticles 29 — 30
CHAPTER VII
SUPERVISION AND ENFORCEMENTArticles 31 — 37
CHAPTER VIII
DELEGATED AND IMPLEMENTING ACTSArticles 38 — 39
CHAPTER IX
FINAL PROVISIONSArticles 40 — 46
ANNEXES
Understanding the NIS 2 Directive
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)
14 December 2022
18 October 2024
- To achieve a high common level of cybersecurity across the European Union in order to improve the functioning of the internal market (Article 1).
Public and private entities qualified as “essential” (e.g. energy, transport, banking, health, digital infrastructure, public administration, space) or “important” (e.g. postal services, digital providers, electronics, food, chemicals, waste management, etc) and meeting specific size and turnover criteria
Enumerated IT services providers such as online marketplaces, search engines, cloud computing, data centers and content delivery networks, without any quantitative thresholds
Policies on risk analysis and information system security
Incident handling
Business continuity, such as backup management, disaster recovery, and crisis management
Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers
Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure
- Relevant provisions: Article 21
NIS2on StreamLex, what can I find?
Relevant guidance (guidelines, recommendations, etc.) and templates issued by the European Commission, ENISA and NIS Cooperation Group
Relevant legislation (decisions, implementing decisions, implementing regulation, etc.) adopted by the European Commission
Relevant registers maintained by the European Commission, ENISA and NIS Cooperation Group
European Commission, ENISA and NIS Cooperation Group consultations, press releases, internal documents, annual reports, leaflets and similar information materials and ad hoc statements that do not constitute guidance
Draft versions of the European Commission, ENISA and NIS Cooperation Group guidance or templates (e.g., issued for the purposes of public consultation) and invalidated guidance and templates (e.g., documents superseded by other guidance)
Historical documents issued in relation to the NIS Directive
Documents issued by the national authorities
CJEU or national court judgments