The pending cross industry regulation around NIS2 in Europe will introduce new requirements to guarantee the availability and uptime of critical services either a company or critical national infrastructure operator provides. NIS 2 was passed into law on January 16th, 2023, with a 21-month readiness window and goes live in October 2024.
NIS2 is essentially enshrining cyber security responsibility into European law for a much broader group of industry sectors which are cross market. The original industries defined in NIS were classified as ‘essential’ and included Healthcare, Drinking Water, Finance etc. (See table 1.1) With NIS2 we now see a new and broader category regarded as ‘important’ entities, which includes Postal and Courier Services, Food and Manufacturing and therefore a much broader set of industries. The law is designed to improve operational and cyber resilience of organizations and reduce the impact of cyber-attacks, especially for services for which the public and economy require to function. Currently cyber losses within the EU are estimated to be 11.3Bn Euro per annum.