European Union: Entry into force of Implementing Regulation for EU NIS 2 Directive concerning cybersecurity risk management and reporting obligations for digital infrastructure, providers and ICT service managers

On 7 November 2024, the European Commission’s implementing regulation laying down the rules for the application of Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS 2 Directive) enters into force. In particular, the regulation outlines cybersecurity risk-management measures' technical and methodological requirements. Furthermore, it specifies the cases in which an incident is considered to be significant with regard to DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers and managed service providers. Additionally, it covers incidents for providers of online marketplaces, search engines, social networking platforms, and trust services. The member states of the European Union are required to apply the measures necessary to comply with the NIS2 cybersecurity rules, including supervisory and enforcement measures.