ENISA Threat Landscape 2022: Geopolitical Tensions as a Game Changer

On 3 November 2022, the EU Agency for Cybersecurity, ENISA, published its Threat Landscape 2022 (ETL) Report. The 10th edition of the Report covers the reporting period of July 2021 up to July 2022. The Report’s content is gathered from open sources such as media articles, expert opinions, intelligence reports, incident analysis and security research reports; … Continued

The Cyber Resilience Act Proposal: New Horizontal Cybersecurity Requirements for Hardware and Software Products

Guest Author: Pier Giorgio Chiara

The EU Commission presented on 15 September 2022 a proposal for a regulation ‘on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020’, known as the Cyber Resilience Act (CRA). The Act, building on the 2020 EU Cybersecurity Strategy for the digital decade, will bolster cybersecurity … Continued

NIS 2.0 Directive – Status Quo Update

Trilogue interinstitutional negotiations on a NIS 2.0 Directive started on 13 January 2022 with a political agreement reached as early as 13 May 2022. In a meeting on 20 July 2022, the Council Presidency has now presented its revised Presidency compromise text for a NIS 2.0 Directive to the Permanent Representatives Committee seeking authorisation to request … Continued

Maturity of Technical Protection Measures

A key element of the NIS Directive is the obligation to implement appropriate security measures that pay regard to the state of the art. The appropriateness of a specific measure has to be assessed in a risk-based approach; thus, there is no one-size-fits-all approach. With the entry into force of the NIS … Continued

Coordinated Vulnerability Disclosure Policies in the EU

On 13 April 2022, the European Union Agency for Cybersecurity (ENISA) published a report on national coordinated vulnerability disclosure (CVD) policies in the EU Member States. Coordinated vulnerability disclosure is a process by which vulnerability finders work together and share information with the relevant stakeholders such as vendors or ICT infrastructure owners. The ENISA report … Continued