The European Union (EU) has reached political agreement on new legislation that will impose common cybersecurity standards on critical industry organizations.
The new directive will replace the EU’s existing rules on the security of network and information systems (NIS Directive), which requires updating because “of the increasing degree of digitization and interconnectedness of our society and the rising number of cyber malicious activities at the global level.”
The NIS 2 Directive will cover medium and large organizations operating in critical sectors. These include providers of public electronic communications services, digital services, wastewater and waste management, manufacturing of critical products, postal and courier services, healthcare and public administration.
Among the provisions in the new legislation are flagging cybersecurity incidents to authorities within 24 hours, patching software vulnerabilities and preparing risk management measures.
It also aims to create stricter enforcement requirements and harmonize sanctions regimes across member states. Operators of essential services would face fines of up to 2% of annual turnover for failing to comply, while for important service providers, the maximum fine would be 1.4%.
The measures were originally proposed by the EU Commission in December 2020.
The political agreement will need to be formally approved by EU member countries and the European Parliament. Once passed, member states will need to transpose the new requirements into national law within 21 months.
Commenting on the announcement, Margrethe Vestager, executive vice-president for a Europe Fit for the Digital Age, said: “We have been working hard for digital transformation of our society. In the past months, we have put a number of building blocks in place, such as the Digital Markets Act and the Digital Services Act. Today, Member States and the European Parliament have also secured an agreement on NIS 2. This is another important breakthrough of our European digital strategy, this time to ensure that citizens and businesses are protected and trust essential services.”
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.
Featured News
Meta Begins Defense After FTC Concludes Case in Landmark Antitrust Trial
May 15, 2025 by
CPI
UK Data Bill Still No Closer to Passage As Parliamentary ‘Ping-Pong’ Drags On
May 15, 2025 by
CPI
Regeneron Pharmaceuticals Awarded $271.2M in Damages Against Amgen
May 15, 2025 by
CPI
FTC Chair Proposes 15% Staff Reduction Amid Budget Constraints
May 15, 2025 by
CPI
UK Urges Antitrust Watchdog to Prioritize Growth and Clarity in Business Regulation
May 15, 2025 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Healthcare Antitrust
May 14, 2025 by
CPI
Healthcare & Antitrust: What to Expect in the New Trump Administration
May 14, 2025 by
Nana Wilberforce, John W O'Toole & Sarah Pugh
Patent Gaming and Disparagement: Commission Fines Teva For Improperly Protecting Its Blockbuster Medicine
May 14, 2025 by
Blaž Višnar, Boris Andrejaš, Apostolos Baltzopoulos, Rieke Kaup, Laura Nistor & Gianluca Vassallo
Strategic Alliances in the Pharma Sector: An EU Competition Law Perspective
May 14, 2025 by
Christian Ritz & Benedikt Weiss
Monopsony Power in the Hospital Labor Market
May 14, 2025 by
Kevin E. Pflum & Christian Salas