Logo
StreamLex Home
Logo
StreamLex Home
Laws
Laws
Recitals
Recitals
Your feedback
About UsNewsletterTerms of UsePrivacy NoticeLinkedIn
NIS2
  • Data & Privacy

    • Data Act
    • Data Governance Act
    • ePrivacy Directive
    • GDPR
  • AI & Trust

    • Artificial Intelligence Act
    • Product Liability Directive
  • Cybersecurity

    • Cybersecurity Act
    • DORA
    • NIS2
  • Digital Services & Media

    • Digital Markets Act
    • Digital Services Act
    • European Media Freedom Act
NIS2
Directive on Measures for a High Common Level of Cybersecurity Across the Union

Understanding the NIS 2 Directive

Full name of the law
Full name of the law

Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)

Link to the official text
Link to the official text
https://eur-lex.europa.eu/eli/dir/2022/2555
Adoption date
Adoption date

14 December 2022

Transposition or application date
Transposition or application date

18 October 2024

Relevant EU-level authorities and groups
Relevant EU-level authorities and groups
Relevant Member States authorities
Relevant Member States authorities
Objectives of the law
Objectives of the law
Scope
Scope
  • Public and private entities qualified as “essential” (e.g. energy, transport, banking, health, digital infrastructure, public administration, space) or “important” (e.g. postal services, digital providers, electronics, food, chemicals, waste management, etc) and meeting specific size and turnover criteria

  • Enumerated IT services providers such as online marketplaces, search engines, cloud computing, data centers and content delivery networks, without any quantitative thresholds

  • Relevant provisions: Article 2Article 3Annex IAnnex II
Key obligations under the law
Key obligations under the law
  • Policies on risk analysis and information system security

  • Incident handling

  • Business continuity, such as backup management, disaster recovery, and crisis management

  • Supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers

  • Security in network and information systems acquisition, development and maintenance, including vulnerability handling and disclosure

  • Relevant provisions: Article 21

NIS2on StreamLex, what can I find?

Included in the resources
Included
Included

Relevant guidance (guidelines, recommendations, etc.) and templates issued by the European Commission, ENISA and NIS Cooperation Group

Included
Included

Relevant legislation (decisions, implementing decisions, implementing regulation, etc.) adopted by the European Commission

Included
Included

Relevant registers maintained by the European Commission, ENISA and NIS Cooperation Group

Not included in the resources
Not Included
Not Included

European Commission, ENISA and NIS Cooperation Group consultations, press releases, internal documents, annual reports, leaflets and similar information materials and ad hoc statements that do not constitute guidance

Not Included
Not Included

Draft versions of the European Commission, ENISA and NIS Cooperation Group guidance or templates (e.g., issued for the purposes of public consultation) and invalidated guidance and templates (e.g., documents superseded by other guidance)

Not Included
Not Included

Historical documents issued in relation to the NIS Directive

Not Included
Not Included

Documents issued by the national authorities

Not Included
Not Included

CJEU or national court judgments

Complete Resources for this Law

© 2024 StreamLex

NewsletterAbout UsTerms of UsePrivacy NoticeManage cookies

© 2024 StreamLex