NIS 2 Directive, CER Directive and DORA – Important EU cybersecurity-related legislative acts come into force
Written By
Partner
Germany
I'm a technology, copyright, AI, cyber security and data protection lawyer. My ambition is to provide the best and most suitable advice to clients and, in particular, to guide them through their technology transactions, IT and data in a pragmatic, solution-driven and innovative manner.
Partner
Netherlands
I'm a partner in our Dutch offices specialising in European and international regulatory projects in the communication and technology sectors. Today, I'm Chair of our Global Tech & Comms Group and head of our international Sector Regulation and Consulting practice.
Of Counsel
Netherlands
I am a Principal Regulatory Counsel in our Regulatory & Public Affairs practice in the Netherlands and Brussels. I have a focus on tech and comms and digital markets regulation, drawing on in-depth business knowledge and extensive experience in TMT and public administration.
Related
Sectors
Trending Topics
Regions
Countries
Three important EU cybersecurity-related legislative acts have finally been published in the EU Official Journal on 27 December 2022 and will come into force on 16 January 2023:
- NIS 2 Directive,
- CER Directive and
- DORA.
All aiming at strengthening the resilience of certain entities and partly overlapping in the scope of application, these legislative acts have different focus areas: While the NIS 2 Directive aims to respond to the security concerns for the cyber dimension, the RCE Directive sets out rules to reduce the vulnerabilities and strengthen the physical resilience of critical entities. The DORA on its part, lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities and addresses both, the digital as well as physical dimension.
As to the next steps, by 17 October 2024, Member States will need to adopt and publish the measures necessary to comply with the NIS 2 as well as the CER Directive. They will apply those measures from 18 October 2024 and the DORA will apply from 17 January 2025.
The article describes the key takeaways of the new legislation and highlights some important actions organisations should have in place before the DORA respectively the national implementation of the NIS 2 and CER Directives apply.
