On 3 December 2021, the Council adopted its position on the draft NIS2 Directive (Network and Information Security Systems Directive).
The measures foreseen by the directive include the obligation to carry out risk analysis, incident handling procedures and the preparation of business continuity plans, the use of encryption and cryptography, supply chain security, management training, incident and threat reporting and, in some cases, mandatory certification.
The size of the company is now the determining factor in whether or not it falls within the scope of the future directive, although this can still be waived at national level. It seems that SMEs will not be affected.
The text is currently being finalised at European level. The Council and the Parliament still have to agree on the final text.
Read the draft text:
Proposal for a Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union, repealing Directive 2016/1148 sur https://data.consilium.europa.eu/doc/document/ST-14337-2021-INIT/en/pdf
Read the article by Ilse Haesaert published on 07/12/2021 on
https://www.agoria.be/fr/digitalisation/cybersecurite/cybersecurite-le-niveau-commun-de-base-de-cybersecurite-dans-lue
Source Cybersecurity: The Common Basic Level of Cybersecurity in the EU
in Agoria Newsletter 08/12/2021
