last highlighted date: 2024-09-26

Highlights

  • DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive).
    • Note: nis2
  • Replacing a previous NIS directive from 2016, NIS 2 sets out legal measures to achieve a higher common standard of cybersecurity across the European market.
  • The NIS 2 Directive is aimed at organisations providing services or carrying out activities within the EU, deemed ‘essential’ or ‘important’ for societal and economic functions. [Diagram: industries within scope of NIS 2.]
  • it has affected or is capable of affecting other natural or legal persons by causing considerable material or non-material damage. [Diagram: timeline for reporting cybersecurity incidents under NIS 2.] The notification procedure should include:
  • NIS 2 includes administrative fines that can be imposed on organisations for breaching certain requirements. Essential entities: a maximum fine of at least €10,000,000 or a maximum of at least 2% of the total worldwide annual turnover in the previous financial year, whichever amount is higher. Important entities: a maximum fine of at least €7,000,000 or a maximum of at least 1.4% of the total worldwide annual turnover in the previous financial year, whichever amount is higher.