We are inviting industry stakeholders to provide comments on the technical guidance for the NIS2 implementing act on cybersecurity measures for critical entities in the digital infrastructure sector.
ENISA is developing technical guidance to support EU Member States and entities with the implementation of the technical and methodological requirements of the NIS2 cybersecurity risk-management measures outlined in the Commission Implementing Regulation (EU) 2024/2690 of 17.10.2024.
ENISA develops this technical guidance to provide:
- Additional advice and tips on what to consider when implementing a requirement and further explanation about concepts and terms used in the legal text;
- Examples of evidence, which could be used to assess if a requirement has been met;
- Tables, mapping the security requirements in the Implementing Regulation to European and international standards, as well as national frameworks.
The draft of the technical guidance is now available for industry consultation through the following link: Implementation guidance on NIS 2 security measures — ENISA
Please send us your feedback by 9 January 2025, 18.00 CET, at the latest. Further instructions on how to provide your feedback can be found here.
For more information and questions, please email ENISA-NIS-DIRECTIVE@enisa.europa.eu.
Background
The NIS2 is new EU-wide cybersecurity legislation that EU Member States were required to transpose into their national legislation by 17 October 2024. The NIS2 aims to achieve a high level of cybersecurity in Europe, and has a focus on increasing the resilience of the EU’s critical sectors. ENISA developed a NIS2 explanatory video and several infographics, with everything you want to know about the NIS2, the main concepts and new mechanisms.
On the 17th of October 2024, the European Commission adopted the implementing rules under the NIS2 Directive, specifying the NIS2 Directive cybersecurity risk-management measures for certain entities from the digital infrastructure, digital providers and ICT service management sectors. More specifically, these implementing rules lay down the technical and the methodological requirements for the following NIS2 subsectors: DNS service providers, TLD name registries, cloud computing service providers, data centre service providers, content delivery network providers (CDNs), managed service providers (MSPs), managed security service providers (MSSPs), providers of online market places, of online search engines and social networking services platforms, and trust service providers.
This complementary technical guidance was developed by ENISA, in collaboration with the Commission and the EU Member States within the NIS Cooperation group (NIS CG).
Further Information
NIS implementing rules – Commission website
NIS Directive 2 - ENISA website
NIS2 Directive full text – Commission website
Contact
For press questions and interviews, please contact press@enisa.europa.eu