On 13 May 2022, the European Parliament and the Council of the European Union reached a political agreement on the Network and Information Security Directive (NIS2). The NIS2 aims to ensure a higher level of cybersecurity at the EU level. It requires each member state to adopt a national security strategy and to define its strategic objectives and the regulatory measures it intends to take to achieve an adequate level of harmonisation of the companies falling within its scope. Each member state is required to designate one or more competent national authorities to manage large-scale crises or incidents and supervise the application of the directive at the national level, and establish single points of contact and Computer Security Incident Response Teams (CSIRTs), which will act as trusted intermediaries to facilitate interaction between the various entities involved and will be linked by a network of national CSIRTs. A cooperation group composed of representatives from each member state, the Commission and the European Union Agency for Cybersecurity (ENISA) is also established to conduct cyber risk assessments and issue security standards. The European Cyber Crises Liaison Organisation Network (EU - CyCLONe), consisting of representatives of each member state, the Commission and ENISA, will also be established to coordinate large-scale cybersecurity NIS2 in each member state. The NIS2 goes to the Parliament and Council for formal adoption.
Original source