Competition Blog

New Rules on Cyber Security – the Council of the European Union has Adopted NIS2

On 28 November 2022, the Council of the European Union adopted the NIS2 Directive. The aim of the NIS2 Directive is to contribute to the enhancement of cyber security for critical infrastructure in the EU. The NIS2 Directive, inter alia, expands the list of sectors within the scope of the NIS regulatory framework and sets out minimum requirements on the security measures to be implemented by operators of essential services.

Delphi has previously reported on the NIS2 proposal on its Tech Blog and you can find further information on its implications here (in Swedish).

The European Parliament adopted the NIS2 Directive on 10 November, which means that the NIS2 Directive has now been adopted by both EU legislative bodies. The NIS2 Directive will be published in its final form in the Official Journal of the EU (“OJEU”) in the coming days. The NIS2 Directive will enter into force 20 days after its publication in the OJEU and EU Member States will then have 21 months to transpose its provisions into their national legislation.

The full press release of the Council of the European Union can be found here.