EU directive on 28 November 2022

The European Parliament formally adopted a new EU directive on 28 November 2022, which will update minimum cybersecurity standards across the EU (commonly referred to as “NIS 2” (Network and Information Security Directive 2). NIS 2 will repeal NIS 1 and impose stricter requirements on in-scope companies to make the EU’s cybersecurity landscape more robust in response to cyber threats. NIS 2 sets out, amongst others, seven key elements that must be addressed in an organisation’s cybersecurity and cyber-risk policies, including incident response, supply chain security, encryption and vulnerability management.