Digital Transformation: Position Paper on the European Commission’s proposal for a Directive on measures for a high common level of cybersecurity across the European Union (NIS2)

Published: 11 June 2021


To respond to the growing threats posed by digitalisation and the rise of cyberattacks, the European Commission has put forward a proposal replacing the current Network and Information Security (NIS) Directive. With this NIS2 proposal, the Commission aims to strengthen the security requirements in the EU by expanding the scope to include a wide range of medium and large-sized entities and sectors and their supply chains, streamlining reporting obligations, introducing more stringent supervisory measures and stricter enforcement requirements, and including harmonised sanctions across the EU.

Orgalim welcomes the Commission’s proposal to address the increasing level of cyber threats. As the proposal's enlarged scope now covers a wider range of Europe’s technology industries, we believe that a number of issues need to be addressed for it to be workable, meaningful and effective:

1. To adapt the scope, the proposal needs to:

  • Increase the size-cap from 50 to 250 employees, aligned with the EU’s SME definition,

  • Introduce an extra criterion for “important” entities to target truly cyber-relevant entities,

  • Work on a clearer definition of “cloud computing service”,

  • Ensure availability of support measures for the “important” entities, for building their cybersecurity capacities.

2. Differentiate the obligations for the “essential” and “important” entities:

  • Narrow down the scope of incidents that need to be reported to ensure workability,

  • Increase the notification time and time for reporting to make it more impactful,

  • Narrow down the enforcement measures to make them more proportionate.

3. Ensure that certification and conformity are future-proof and meaningful:

  • Certification should remain voluntary,

  • There should be separate horizontal legislation on cybersecurity for networkable products within the New Legislative Framework (NLF), instead of addressing it in the NIS2.

4. Ensure proportionality of fines.

 

To read our recommendations in full, please download the document above. 

Authors

Tadas Tumenas
Adviser - Digital
