European Union: Published Commission Guidelines on the application of Article of Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive)

On 18 September 2023, the Commission issued guidelines concerning the application of Article 4(1) and (2) of the Directive on measures to achieve a high common level of cybersecurity throughout the European Union (NIS 2 Directive). These guidelines provide clarification on the implementation of these provisions, particularly regarding the relationship between the NIS 2 Directive and existing or future sector-specific Union legal measures addressing cybersecurity risk management and incident reporting requirements. Additionally, the guidelines include an appendix that lists the sector-specific Union legal measures that the Commission considers to fall under the scope of Article 4 of the NIS 2 Directive. The guideline also outlines the factors to be considered when assessing whether a specific Act should be classified under Article 4 of the NIS 2 Directive.