Following the adoption of the NIS 2 Directive by the European Parliament and the Council in November, the new NIS Directive (Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)) has been published in the Official Journal of the EU on 27 December 2022 (OJ L 333, 27.12.2022, p. 80–152). According to Art. 45 NIS 2 Directive, the Directive shall enter into force on the twentieth day following that of its publication in the Official Journal, i.e. 16 January 2023.
The NIS 2 Directive has been subject to some changes compared to the draft agreement text on the NIS 2 Directive of 17 June 2022. On the editorial side, the final version saw a complete renumbering of articles; the Directive now has 46 articles compared to 43 in the draft version. A separate article on the determination of essential and important entities has been added, as well as a separate article on the relationship of the NIS 2 Directive to sector-specific Union Acts. Further, instead of 84 recitals, the NIS 2 Directive now contains 144 recitals. On the content side, the NIS 2 Directive also saw amendments compared to the June 2022 version; these amendments mainly relate to clarifications for instance in terms of the reporting obligations.
Along with the NIS 2 Directive, the DORA Regulation (Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011) has been published in the same number of the Official Journal (OJ L 333, 27.12.2022, p.1-79).