The Network and Information Security 2 Directive (EU) 2022/2555 (“NIS2”) entered into force on 16 January 2023. NIS2 sets cyber rules for organizations whose services are considered essential or important for maintaining critical societal and economic activities, such as ensuring the flow of energy or financial transactions. As a Directive, NIS2 must be transposed into the national laws of the EU Member States before it can take direct effect. NIS2 generally requires Member States to adopt national implementing measures by 17 October 2024 and apply such measures from 18 October 2024.
This Legal Update provides a brief overview of the key points of NIS2 and shows the current status of implementation in the EU Member States.