On 16 December 2020, the European Commission presented the Proposal for a Directive of the European Parliament and the Council on measures for a high common level of cybersecurity in the Union (NIS2), repealing EU Directive 2016/1148 (NIS1). The Proposal aims to ensure a higher level of cybersecurity at the EU level. It requires each member state to adopt a national security strategy and to define its strategic objectives and the regulatory measures it intends to take to achieve an adequate level of harmonisation of the companies falling within its scope. Each member state is required to designate one or more competent national authorities to manage large-scale crises or incidents and supervise the application of the directive at the national level, and establish single points of contact and Computer Security Incident Response Teams (CSIRTs), which will act as trusted intermediaries to facilitate interaction between the various entities involved and will be linked by a network of national CSIRTs. A cooperation group composed of representatives from each member state, the Commission and the European Union Agency for Cybersecurity (ENISA) is also established to conduct cyber risk assessments and issue security standards. The European Cyber Crises Liaison Organisation Network (EU - CyCLONe), consisting of representatives of each member state, the Commission and ENISA, will also be established. In addition, the peer-review system is adopted to evaluate the effectiveness of the directive in each member state.
Original source