These pages will be updated and expanded regularly. 

The NIS-2 Directive was published end of December 2022. This page will give all essential references. 

In January 2023 EU member states started the process of transposing this directive into national legislation. This legislation needs to be in place by mid October 2024 and will then be in effect immediately.

The NIS-2 directive will regulate both on national level and on organisation level. As the directive is a EU directive it is primarily applicable on EU member states. Some associated members (like Norway) will probable also transpose the directive into national legislation.

NRENs need to continuously seek dialogue with their national implementation coordinator in order to discuss their position. Due to the nature of NREN-business national coordinators might need assistance in deciding upon the position of the NREN.


The first GÉANT infoshare on NIS-2 was in 2021 as an introduction to the upcoming legislation related to the EU Security Union.

GÉANT Infoshare II on NIS-2 on January 11th, 2023: https://events.geant.org/event/1339/

GEANT Infoshare III on NIS-2 on March 28th, 2023, 13.00 CEST: https://events.geant.org/event/1386/

GÉANT Infoshare IV on NIS-2 on July 11th, 2023, 13.00 CEST

GÉANT Infoshare V on NIS-2 on November 27th, 2023, 13.00 CET: https://events.geant.org/event/1571/ 

GÉANT Infoshare VI on NIS-2 on March 18th, 2024, 14.00 CET: https://events.geant.org/event/1594/

GÉANT Infoshare VII on NIS-2 on June 24th, 2024, 14.00 CEST: https://events.geant.org/event/1682/

References

DescriptionLocation/linkdate
NIS-2 directive  (EU 2022/2555) full text/ all languages

https://eur-lex.europa.eu/eli/dir/2022/2555/oj

14 dec 2022
Blogpost Andrew Cormack (focus on incident respons cooperation)

https://regulatorydevelopments.jiscinvolve.org/wp/2023/01/05/nis-2-directive-cybersecurity-improvement-for-all/

5 Jan 2023
GÉANT NIS-2 Infoshare II - 11 January 2023Slides presentation Alf Moens and Edit Herczog, the recording can be found here.11 jan 2023
Publication on 2nd Infosharehttps://connect.geant.org/2023/01/17/eu-security-union-2nd-infoshare

17 jan 2023

NIS2 for NRENs - A Call to Action

  • GÉANT has asked Stratix to develop a position paper to facilitate effective responses to the implementation of the Directive in different countries. This position paper is intended to assist organisations by providing insights into the key issues, risks and potential responses to NIS2. It includes a brief introduction to the directive, potential issues for NRENs, solutions and recommendations to consider. 
Stratix: NIS2 for NRENs - A Call to Action

12 july 2023

NCSC Ireland: A quick guide to NIS2NIS 2 Quick reference guide.pdf

21 oct 2023

DG CNECT has issued Guidelines to Member States on:

  • on the application of Article 3(4) of Directive (EU) 2022/2555 (NIS 2 Directive): specific section on domain name registration services. Member states are required to establish a list of essential and important entities as well as entities providing domain name registration services by April 17, 2025
  • on the application of Article 4 (1) and (2) of Directive (EU) 2022/2555 (NIS 2 Directive): relationship between NIS-2 and current and futiure sector-specific legal acts addressing cybersecurity risk-management

https://digital-strategy.ec.europa.eu/en/library/commission-guidelines-application-article-34-directive-eu-20222555-nis-2-directive


https://digital-strategy.ec.europa.eu/en/library/commission-guidelines-application-article-4-1-and-2-directive-eu-20222555-nis-2-directive

14 sep 2023

NIS 2 Self-assessment Netherlands

  • The Dutch government is working on incorporating NIS2 into national law. Organisations are advised to proactively assess risks and implement security measures in advance of regulatory clarity. A self-assessment questionnaire is provided (see link) to determine whether an organisation falls under the NIS2 Directive. The government is encouraging early preparation for compliance and business continuity.

Website of the dutch national cybersecurity center on NIS2:

"What will the NIS2 guideline mean for your organization?"

with a NIS2 self-assessment questionnaire:

https://regelhulpenvoorbedrijven.nl/NIS-2-NL/


14 nov 2023

Report on cybersecurity and resiliency of Europes communications infrastructures

https://digital-strategy.ec.europa.eu/en/library/report-cybersecurity-and-resiliency-eu-communications-infrastructures-and-networks

21 feb 2024

Cybersecurity risk management & reporting obligations for digital infrastructure, providers and ICT service managers

The first implementing act has been proposed. As regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant. It is open for comment for a month until 25 July 2025.

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14241-Cybersecurity-risk-management-reporting-obligations-for-digital-infrastructure-providers-and-ICT-service-managers_en

27 jun 2024

What does the NIS-2 directive cover for a member state?

A large part of the NIS-2 directive is about what member states themselves need to do on national level. These cover subjects like National Security Strategy, CSIRTs and the implementation of the NIS-2 in the member state.

What is the impact of NIS-2 for an NREN

(work in progress)

What is the impact of NIS-2 for an university?

(work in progress)

  • No labels