EU NIS 2 Directive enforce soon

The EU’s NIS 2 cybersecurity directive will on Oct. 17 become enforceable by member states. The rules impose tougher requirements on companies around their internal cyber resilience strategy and internal practices.

The NIS 2 directive expands the scope of its predecessor to address more recent cybersecurity challenges and threats that have emerged as criminals have found new ways to hack companies and compromise their sensitive data.

The NIS 2 directive applies to organizations that operate within the EU and provide essential services to consumers, including banks, energy suppliers, health care institutions, internet providers, transport firms, and waste processors.

The main areas it will address are risk management, corporate accountability, reporting obligations, and business continuity planning in the event of a cyber breach.