https://eur-lex.europa.eu/eli/dir/2022/2555/oj

https://regulatorydevelopments.jiscinvolve.org/wp/2023/01/05/nis-2-directive-cybersecurity-improvement-for-all/

17 jan 2023

NIS2 for NRENs - A Call to Action

• GÉANT has asked Stratix to develop a position paper to facilitate effective responses to the implementation of the Directive in different countries. This position paper is intended to assist organisations by providing insights into the key issues, risks and potential responses to NIS2. It includes a brief introduction to the directive, potential issues for NRENs, solutions and recommendations to consider. 

12 july 2023

21 oct 2023

DG CNECT has issued Guidelines to Member States on:

• on the application of Article 3(4) of Directive (EU) 2022/2555 (NIS 2 Directive): specific section on domain name registration services. Member states are required to establish a list of essential and important entities as well as entities providing domain name registration services by April 17, 2025
• on the application of Article 4 (1) and (2) of Directive (EU) 2022/2555 (NIS 2 Directive): relationship between NIS-2 and current and futiure sector-specific legal acts addressing cybersecurity risk-management

https://digital-strategy.ec.europa.eu/en/library/commission-guidelines-application-article-34-directive-eu-20222555-nis-2-directive

https://digital-strategy.ec.europa.eu/en/library/commission-guidelines-application-article-4-1-and-2-directive-eu-20222555-nis-2-directive

14 sep 2023

NIS 2 Self-assessment Netherlands

• The Dutch government is working on incorporating NIS2 into national law. Organisations are advised to proactively assess risks and implement security measures in advance of regulatory clarity. A self-assessment questionnaire is provided (see link) to determine whether an organisation falls under the NIS2 Directive. The government is encouraging early preparation for compliance and business continuity.

Website of the dutch national cybersecurity center on NIS2:

"What will the NIS2 guideline mean for your organization?"

with a NIS2 self-assessment questionnaire:

https://regelhulpenvoorbedrijven.nl/NIS-2-NL/

Report on cybersecurity and resiliency of Europes communications infrastructures

https://digital-strategy.ec.europa.eu/en/library/report-cybersecurity-and-resiliency-eu-communications-infrastructures-and-networks

Cybersecurity risk management & reporting obligations for digital infrastructure, providers and ICT service managers

The first implementing act has been proposed. As regards technical and methodological requirements of cybersecurity risk-management measures and further specification of the cases in which an incident is considered to be significant. It is open for comment for a month until 25 July 2025.

https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14241-Cybersecurity-risk-management-reporting-obligations-for-digital-infrastructure-providers-and-ICT-service-managers_en