NIS2 is an abbreviation for Network and Information Systems Directive 2, which is a new regulatory framework for cyber security proposed by the European Commission in December 2020. NIS2 aims to strengthen the protection of critical infrastructures and services against cyber attacks, as well as to promote cooperation and information exchange between Member States. NIS2 will affect companies within the EU in several ways, including by:
- Expanding the scope to include more sectors and actors considered important to society, such as banking, energy, transport, healthcare, digital infrastructure, public administration, space and waste management.
- Tightening the requirements for risk management, incident reporting and security audits for the companies concerned.
- Introducing higher fines for violations, up to 10 million euros or 2 percent of global turnover.
- Improving supervision and coordination between national authorities and EU bodies.