Our interdisciplinary project EnCaViBS inter alia evaluates the implementation of the NIS Directive in the EU Member States. One of our focus points also in terms of the NIS 2.0 Proposal is the assessment of the different cooperation mechanisms introduced by the NIS Directive. In that regard we asked the single points of contact (SPOCs), … Continued

Responding effectively to the the challenges of NIS security requires inter alia the exchange of information on risks and incidents. Accordingly, the NIS Directive requires OESs and DSPs to report incidents with a significant/substantial impact. A key deliverable of the NIS Directive is also the creation of a computer security incident response teams network (‘CSIRTs … Continued

Pier Giorgio Chiara, Ph.D. student under the LASTJD-programme (Marie Sklodowska-Curie ITNEJD “Law, Science and Technology Rights of Internet of Everything” grant agreement No 814177) and Sandra Schmitz have just published with the International Cybersecurity Law Review on the advancement of Italian and German cybersecurity legislation compared to the Proposal for a NIS2 Directive. Their Article … Continued

Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and … Continued