
In brief

Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (“NIS2 Directive”) entered into force on 16 January 2023. It had to be transposed into national law by 17 October 2024. Only a small number of member states (among them Hungary, Belgium and Croatia) have transposed the provisions of the NIS2 Directive into national law so far, and it is likely that a significant number of member states will need some time. Nevertheless, companies are well advised to familiarize themselves with the new requirements and to provide for their implementation.


The NIS2 Directive extends the scope of application of security requirements for networks and information systems (NIS) to include numerous additional sectors compared to the previous NIS Directive (Directive (EU) 2016/1148). It also extends the range of obligations for public and private institutions. This means that companies that fall within the scope of the NIS2 Directive are subject to extensive new obligations.

The extended personal scope of application means that under the NIS2 Directive, significantly smaller companies than before are subject to NIS security requirements. Similar to other regulations such as the GDPR, the NIS2 Directive provides for severe sanctions for certain breaches, with enforcement powers assigned to the member states.


Author

Dr. Lukas Feiler, SSCP, CIPP/E, specializes in technology litigation, focusing on regulatory and civil disputes in the areas of data protection, AI, and platform regulation. Building on his litigation expertise, Lukas advises clients on strategic compliance issues in the areas of cyber security, data protection, and AI.
He heads the Firm’s Commercial, Data, IPTech and Trade practice in Vienna. Lukas also leads the AI Desk in Vienna and is a member of the Firm’s EMEA Data Privacy & Security leadership team. Lukas regularly represents clients before the Austrian Supreme Court, the Austrian Administrative Supreme Court, the European Commission, and the EU’s General Court and the CJEU.
Lukas has published best-selling books on data protection, AI, and cybersecurity law. He also holds teaching positions for data protection law and AI law at the University of Vienna and the Sigmund Freud University Vienna.
Before his legal career, he worked as a software developer and system administrator in New York, Vienna, and Leeds and holds a certification as a Systems Security Certified Practitioner.

Author

Dr. Michaela Nebel is a partner in the Frankfurt office of Baker McKenzie. Prior to joining Baker McKenzie she studied law at the University of Passau. She obtained her Doctor of Law degree on a topic related to privacy in the Web 2.0. From July until December 2014 she practiced at the San Francisco office of Baker McKenzie. She is a member of the International Association of Privacy Professionals (IAPP), since May 2015 a Certified Information Privacy Professional/Europe (CIPP/E) and since May 2017 a Certified Information Privacy Professional/United States (CIPP/US). She is also the author of numerous articles on information technology law, in particular on data protection law and e-commerce law, and the co-author of an English language commentary on the EU General Data Protection Regulation.

Author

Caroline Heinickel, a counsel, was admitted to the German bar in 2006. She joined Baker McKenzie in 2005 and has, since then, worked mainly in the field of public law with a focus on regulated industries, particularly in the telecommunications and energy sectors, energy law and environmental law.

Author

Silvia Grohmann is an associate of Baker McKenzie's IPTech team in Vienna. Prior to joining the Firm in May 2020, she worked as a trainee at a renowned Austrian law firm and the Austrian Chamber of Commerce in Shanghai. She studied law at the University of Vienna and gained valuable experience at ETH Zürich and the East China Normal University.