European Union: European Union Agency for Cybersecurity published European Vulnerability Database under NIS 2 Directive

On 13 May 2025, the European Union Agency for Cybersecurity (ENISA) announced the establishment of the European Vulnerability Database (EUVD) under the Network and Information Security Directive (NIS 2 Directive). The policy aims to provide a comprehensive repository of cybersecurity vulnerabilities affecting ICT products and services. ENISA developed the EUVD to ensure transparent access to reliable and actionable vulnerability information, enhancing cybersecurity management across the European Union. The database serves as a source for infrastructure providers, platform intermediaries, and national authorities managing cybersecurity threats. It aggregates data from multiple sources, including CSIRTs and ICT vendors, to aid in effective risk management and mitigation efforts.