NIS 2 Directive, CER Directive and DORA – Important EU cybersecurity-related legislative acts come into force

Three important EU cybersecurity-related legislative acts have finally been published in the EU Official Journal on 27 December 2022 and will come into force on 16 January 2023:

  • NIS 2 Directive,
  • CER Directive and
  • DORA.

All aiming at strengthening the resilience of certain entities and partly overlapping in the scope of application, these legislative acts have different focus areas: While the NIS 2 Directive aims to respond to the security concerns for the cyber dimension, the RCE Directive sets out rules to reduce the vulnerabilities and strengthen the physical resilience of critical entities. The DORA on its part, lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities and addresses both, the digital as well as physical dimension.

As to the next steps, by 17 October 2024, Member States will need to adopt and publish the measures necessary to comply with the NIS 2 as well as the CER Directive. They will apply those measures from 18 October 2024 and the DORA will apply from 17 January 2025.

The article describes the key takeaways of the new legislation and highlights some important actions organisations should have in place before the DORA respectively the national implementation of the NIS 2 and CER Directives apply.

Click here to read the full article

Latest insights

More Insights
Curiosity line teal background

A Deep Dive into China’s Network ID Proposal

Nov 06 2024

Read More
mountain scape

European Union Artificial Intelligence Act Guide

Nov 06 2024

Read More

California’s AI bill vs. the EU AI Act: a cross-continental analysis of AI regulations

Nov 06 2024

Read More