Digital Transformation: Position Paper on the European Commission’s proposal for a Directive on measures for a high common level of cybersecurity across the European Union (NIS2)
Published: 11 June 2021
To respond to the growing threats posed by digitalisation and the rise of cyberattacks, the European Commission has put forward a proposal replacing the current Network and Information Security (NIS) Directive. With this NIS2 proposal, the Commission aims to strengthen the security requirements in the EU by expanding the scope to include a wide range of medium and large-sized entities and sectors and their supply chains, streamlining reporting obligations, introducing more stringent supervisory measures and stricter enforcement requirements, and including harmonised sanctions across the EU.
Orgalim welcomes the Commission’s proposal to address the increasing level of cyber threats. As the enlarged scope of the proposal now covers a wider range of Europe’s technology industries, we believe that a number of issues need to be addressed for it to be workable, meaningful and effective:
1. To adapt its scope, the proposal needs to:
Increase the size-cap from 50 to 250 employees, aligned with the EU’s SME definition,
Introduce an extra criterion for “important” entities to target truly cyber-relevant entities,
Work on a clearer definition of “cloud computing service”,
Ensure availability of support measures for the “important” entities, for building their cybersecurity capacities.
2. Differentiate the obligations for the “essential” and “important” entities:
Narrow down the scope of incidents that need to be reported to ensure workability,
Increase the notification time and time for reporting to make it more impactful,
Narrow down the enforcement measures to make them more proportionate.
3. Ensure that certification and conformity are future-proof and meaningful:
Certification should remain voluntary,
There should be separate horizontal legislation on cybersecurity for networkable products within the NLF, instead of addressing it in the NIS2.
4. Ensure proportionality of fines.
To read our recommendations in full, please download the document above.