Digital Transformation: Position Paper on the European Commission’s proposal for a Directive on measures for a high common level of cybersecurity across the European Union (NIS2)

Published: 11 June 2021

Policies & Issues: Digital Transformation

To respond to the growing threats posed by digitalisation and the rise of cyberattacks, the European Commission has put forward a proposal replacing the current Network and Information Security (NIS) Directive. With this NIS2 proposal, the Commission aims to strengthen the security requirements in the EU by expanding the scope to include a wide range of medium and large-sized entities and sectors and their supply chains, streamlining reporting obligations, introducing more stringent supervisory measures and stricter enforcement requirements, and including harmonised sanctions across the EU.

Orgalim welcomes the Commission’s proposal to address the increasing level of cyber threats. As the proposal now covers a wider range of Europe’s technology industries due to its enlarged scope, we believe that a number of issues need to be addressed for it to be workable, meaningful and effective:

1. Adapt the scope of the proposal:

  • Increase the size-cap from 50 to 250 employees, aligned with the EU’s SME definition,

  • Introduce an extra criterion for “important” entities to target truly cyber-relevant entities,

  • Work on a clearer definition of “cloud computing service”,

  • Ensure availability of support measures for the “important” entities, for building their cybersecurity capacities.

2. Differentiate the obligations for the “essential” and “important” entities:

  • Narrow down the scope of incidents that need to be reported to ensure workability,

  • Increase the notification time and time for reporting to make it more impactful,

  • Narrow down the enforcement measures to make them more proportionate.

3. Ensure that certification and conformity are future-proof and meaningful:

  • Certification should remain voluntary,

  • There should be separate horizontal legislation on cybersecurity for networkable products within the New Legislative Framework (NLF), instead of addressing it in NIS2.

4. Ensure proportionality of fines.

 

To read our recommendations in full, please download the document above. 

Authors

Tadas Tumenas
Adviser - Digital
