NIS 2.0 Directive – Status Quo Update

Trilogue interinstitutional negotiations on a NIS 2.0 Directive started on 13 January 2022 with a political agreement reached as early as 13 May 2022. In a meeting on 20 July 2022, the Council Presidency has now presented its revised Presidency compromise text for a NIS 2.0 Directive to the Permanent Representatives Committee seeking authorisation to request the European Parliament to adopt its position in form of the compromise text. Work on the compromise had recently intensified with several technical meetings being held at the Council. Based on technical meetings of 15 and 16 June, the draft agreement text on the NIS 2.0 Directive of 17 June 2022, which – in a four-column format – presents a synopsis of the initial Commission Proposal, the European Parliament mandate, the Council mandate and the revised draft agreement text, was made publicly available. Changes to a prior revised draft agreement text of 3 June 2022 have only been minor and rather of a mere linguistic or clarifying nature. For instance, the draft agreement version of 3 June 2022 foresaw in Art. 20(2) that “entities shall communicate, without undue delay, the recipients of their services that are potentially affected by a significant cyber threat any measures or remedies that those recipients are able to take in response to that threat”; the draft agreement version of 17 June 2022 now clarifies that “entities are required to communicate, without undue delay…” making communication clearly mandatory. Similarly, the early warning within 24 hours enshrined in Art. 20(4) has been extended from a cross-border impact to also encompass incidents that could have a cross-border impact. Since the European Parliament is in recess over the summer, an adoption of the final text by the Parliament is unlikely before October.

Leave a Reply

Your email address will not be published. Required fields are marked *