The European Commission has adopted new cybersecurity rules for critical infrastructure across the EU, taking a major step toward enhancing digital resilience.
This implementing regulation under the updated NIS2 Directive specifies cybersecurity measures for essential sectors and outlines when companies must report significant incidents to national authorities.
The rules apply to key digital service providers, including cloud computing, data centers, online marketplaces, search engines, and social networking platforms.
The regulation also defines which incidents are deemed significant enough to trigger mandatory reporting.
This adoption coincides with the deadline for Member States to incorporate the NIS2 Directive into their national laws.
Starting October 18, 2024, all EU countries are required to enforce NIS2 measures, ensuring a standardized level of cybersecurity, supervisory oversight, and enforcement across the Union.
