On December 3, the Council of the European Union (EU), announced that it had agreed on its general approach to the text of the NIS 2 Directive. In December 2020, the European Commission adopted its proposal for a revised version of the current NIS Directive, to improve the overall strength and resiliency of incident response, to expand its scope, and remove divergences in requirements in the different Member States.
The agreement means that the Council Presidency can now begin negotiations on the text with the European Parliament to adopt a final version.
What’s new with NIS 2?
NIS 2 addresses security throughout the EU from the top-down, recognizing a need for unification on expectations, regulations and processes across different member states. To achieve this the directive:
- Sets a baseline for cybersecurity risk management measures and reporting obligations
- Updates and expands the list of sectors and activities subject to the obligations
- Introduces a size-cap rule*
- Establishes mechanisms for collaboration across state-wide authority systems
- Provides enforcement-based solutions and sanctions
The above work together to prioritize organizational trust, unification across silos and geographic locations, and to encourage business resiliency and continuity.
*As defined by the rule, size capping means that “…medium-sized and large entities operating within the sectors covered by the directive will fall within its scope.” See the announcement for more details.
The Importance of Regulatory Involvement while Establishing Trust & Unification Across the Security Lifecycle
Unification across domains and geographic locations enables customers and key stakeholders to expect a consistent standard of trust no matter location, industry, or situational nuances. The formation of directives like NIS 2 empowers informed, cohesive risk-based decision making across entities, setting the business foundation for:
- Confident risk quantification
- Consistent brand reputation
- Increased customer loyalty
- Streamlined compliance
- Efficient risk management
As individual entities begin to explore the benefits of trust and unification, the subsequent increase in regulatory action by key authorities is critical in setting global precedents so that the above benefits can be felt across the security industry as a whole.
How can OneTrust Help with NIS2 Compliance?
The OneTrust platform leverages expertise in GRC, specializing in Vendor Risk Management, Privacy, Incident Management and many other categories to deliver an immersive security and privacy management experience. A key component of the OneTrust incident management solution is identifying related jurisdictions, governing authorities, and notification requirements based on the context of the incident. We enable you to gain visibility into all aspects of your organization’s security structure and empower holistic security strategy by enabling your company to consider risk across all domains and regulatory expectations. This allows for seamless incident management and the ability to prioritize trust and transparency as a competitive advantage.
Further cybersecurity reading:
- Blog: Trust Talks: Actioning Trust-Based Cybersecurity from Individual to Enterprise
- Blog: Put a Hold on Hacks: Fight the Phish and Other Common and Emerging Cyberthreats
- Blog: Educate, Empower, Enable: The Importance of Cybercentric Education
Next steps on cybersecurity: