5 minute read 9 May 2023

EY Report: The future of cybersecurity in Europe. Challenges related to the NIS2 Directive.

Justyna Wilczynska-Baraniak
By Justyna Wilczynska-Baraniak

EY Polska, EY Law, Intellectual Property, Technologies and Personal Data, Partner, Attorney-at-law

Intellectual Property, Technology and Personal Data Team Leader. Experienced in legal advisory for multi-jurisdictional clients.

5 minute read 9 May 2023
Related topics Law Cybersecurity
Upvote

Show resources

It is our great pleasure to present the EY Report: The future of cybersecurity in Europe. Challenges related to the NIS2 Directive. 

The NIS2 Directive will be one of the key pieces of cybersecurity legislation and, as such, it will impose new obligations on companies and individuals operating in certain critical sectors. Together, let us start a discussion on a wise and harmonized approach to the implementation of the NIS2 Directive in the individual Member States.

On 28 November 2022, the Council of the European Union adopted a new cybersecurity EU Directive 2022/2555 (NIS2 Directive). It is intended to replace and repeal the current EU Directive 2016/1148 on measures for a high common level of security of network and information systems across the European Union (NIS Directive).

Why does the European Union introduce NIS2 Directive? 

The NIS Directive was intended to regulate cybersecurity in the European Union in a comprehensive manner. However, the lack of consistent implementation of the NIS Directive in individual EU countries has led that this objective has not been achieved. Therefore, the European Union has decided to adopt the NIS2 Directive in response to increasing cyber threats related to digitization. The aim of new Directive is to achieve even higher levels of cybersecurity than in the NIS Directive. It is also designed to promote greater harmonization of cybersecurity rules across EU Member States.

The NIS2 Directive, like the NIS Directive, requires Member States to establish a national cybersecurity strategy, to designate competent national authorities or to respond to computer security incidents. However, compared with the first Directive, it introduces more stringent security and reporting requirements for entrepreneurs, as well as stricter supervision measures applied by national authorities.

EY Poland Digital Law Team and EY Poland Cybersecurity Team have prepared a report which discusses the impact and challenges related to the implementation of the NIS2 Directive for different business entities and for EU Member States, as well as the changes introduced in relation to the previous NIS Directive.

 

Download the Report

The EY Report emphasizes the need to harmonize regulations for cybersecurity in two dimensions – at EU level and in individual Member States. The differences in the regulatory approach to cybersecurity can have a direct impact not only on the cybersecurity, but also on the development of digitalization in different countries and on the competitiveness of national companies on the global markets.

The NIS2 Directive – How it will impact the future of cybersecurity in Europe?

 

As the implementation of the NIS Directive was difficult for both businesses and public entities, we decided to analyze the NIS2 Directive and identify the potential challenges associated with the new regulations. The aim is to present a broad picture of the NIS2 Directive and how it will influence both the regulatory developments and the challenges that businesses face today and in the future.

Are you ready for new requirements of NIS2 Directive?

EY's report will help the entities that are covered by the NIS2 Directive to better understand the upcoming obligations and will initiate a discussion on a wise and harmonized approach to the implementation of the NIS2 Directive in Member States.

The report focuses on the categories of entities that may be most affected by the NIS2 Directive due to the economic burdens associated with fulfilling the new obligations (e.g., SMEs). The presentation of specific problems related to the NIS2 Directive will allow for a rational view at the challenges and will help to develop actions that should be taken for the optimal implementation of the NIS2 Directive.
Justyna Wilczyńska-Baraniak
EY Polska, Kancelaria EY Law, Własność Intelektualna, Technologie i Dane Osobowe, Partner, Adwokat

Download EY Report: "The future of cybersecurity in Europe. Challenges related to the NIS2 Directive"

Download the Report

Direct at your mail

Subscribe EY newsletters

Subscribe

Summary

EY Poland Report: The future of cybersecurity in Europe. Challenges related to the NIS2 Directive covers the following issues:

  • General challenges related to the NIS2 Directive;
  • Potential impact of the NIS2 Directive on different stakeholders;
  • Macroeconomic impact of the NIS2 Directive;
  • Regulatory environment for cybersecurity in the EU;
  • Different approaches to the NIS Directive implementation and its impact on the NIS2 Directive implementation;
  • Recommendations.

Collect a report today!

Contact

LinkedIn Twitter

About this article

Justyna Wilczynska-Baraniak
By Justyna Wilczynska-Baraniak

EY Polska, EY Law, Intellectual Property, Technologies and Personal Data, Partner, Attorney-at-law

Intellectual Property, Technology and Personal Data Team Leader. Experienced in legal advisory for multi-jurisdictional clients.

Upvote