Supporting the implementation of Union policy and law regarding cybersecurity.
NIS Directive
On 16 January 2023, the Directive (EU) 2022/2555 (known as NIS2) entered into force replacing Directive (EU) 2016/1148. ENISA considers that NIS2 improves the existing cyber security status across EU in different ways by:
- creating the necessary cyber crisis management structure (CyCLONe)
- increasing the level of harmonization regarding security requirements and reporting obligations
- encouraging Members States to introduce new areas of interest such as supply chain, vulnerability management, core internet and cyber hygiene their national cybersecurity strategies
- bringing novel ideas such as the peer reviews for enhancing collaboration and knowledge sharing amongst the Member States
- covering a larger share of the economy and society by including more sectors which means that more entities are obliged to take measures in order to increase their level of cybersecurity.
NIS2 assigns to ENISA a number of significant new tasks such as:
- The development and maintenance of a European vulnerability registry
- The secretariat of the European Cyber Crises Liaison Organisation Network (CyCLONe)
- The publication of an annual report on the state of cybersecurity in the EU
- To support the organisation of peer reviews between member states
- The creation and maintenance of a registry for entities providing cross-border services e.g DNS service providers, TLD name registries, entities providing domain name registration services, cloud computing service providers and data centre service providers.
ENISA already plays a key role in the implementation of the NIS Directive by providing assistance to the Member States regarding its transposition, by supporting several working streams of the Cooperation Group with technical expertise and by providing the secretariat for the CSIRTs Network and organising the CyberEurope Exercise.
In addition, the Agency assists Member States as well as the Cooperation Group in their tasks by:
- Identifying good practices in the Member States regarding the implementation of the NIS directive;
- Supporting the EU-wide reporting process for cybersecurity incidents, by developing thresholds, templates and tools;
- Agreeing on common approaches and procedures;
- Helping Member States to address common cybersecurity issues.
ENISA will continue to support the implementation of the NIS directive as part of its mandate and its work programme. The Member States have 21 months in order to transpose NIS2 to their national legislative framework.