The NIS2 directive strengthens cyber security throughout the EU – National implementation was launched in January

The goal of NIS2 is to strengthen cyber security in certain critical areas at the national and EU level. The scope of the directive covers, for example, energy and healthcare sector units and digital infrastructure service providers more broadly. The scope of the directive has also been expanded to cover new sectors and entities, such as public administration, the food industry and waste management.

In order to strengthen cyber security, the directive sets both risk management obligations and obligations to report cyber incidents that occur in critical sectors of society. The directive lists the minimum measures that all parties must take to manage cyber security risks in their operations. Cybersecurity risk management is based on risk and performance; when determining their level, the entity takes into account its size and risk exposure. Entities must also notify the authorities and, where applicable, the recipients of their services of significant events.

The directive continues the existing cooperation mechanisms of the member states and tightens the cooperation between authorities. The directive establishes the European Cyber ​​Crisis Liaison Organization Network (EU – CyCLONE) to support the coordinated management of large-scale cyber security incidents. ’s representative in the network is the Finnish Transport and Communications Agency’s Cybersecurity Center.

“With the new network, closer cooperation at the EU level will improve our national cyber security. The Ministry of Transport and Communications is responsible for national management and coordination to promote cyber security in Finland. Finland benefits from closer cooperation, but our partners also benefit from our position at the forefront of cyber security. These decisions strengthen cyber security both in Finland and in the EU, says the Minister of Transport and Communications Timo Magpie.

What next?

The directive was published on December 27, 2022. Member states have 21 months from the entry into force of the directive to transpose the provisions into their national legislation.

The Ministry of Transport and Communications launched national implementation on January 2, 2023 in order to incorporate the obligations of the new directive into national legislation. The Ministry carries out national implementation in broad cooperation with other administrative branches.


Source: Ministry of Transport and Communications

Source: The Nordic Page





Related Posts