European Parliament and the Council of the European Union reached a provisional agreement on the NIS2 Directive, a modernized framework based on the EU Network and Information Security Directive. NIS2 sets out "the baseline for cybersecurity risk management measures and reporting obligations" across applicable sectors, including energy, transportation, health and digital infrastructure. The new framework has a wider scope to include medium-sized entities and streamlined incident reporting requirements. Following final approval, entities will have a 21-month compliance window once the directive enters into force.
EU institutions reach provisional agreement on cybersecurity directive
RELATED STORIES
A view from DC: The growing reckoning over location data
Notes from the IAPP Canada: CRA breach a 'cautionary tale'
Notes from the IAPP Europe: October wrap-up
Council of Europe's Framework Convention on AI and its global implications
Notes from the Asia-Pacific region: Amid festive backdrop, Singapore unveils secure AI guidelines
