Blog | Cybercrime poses an increasing risk

Eolas Magazine – September 2022

With the ever-increasing digitalisation of personal and work life, it has become increasingly evident that cyber threats, be they from criminals or nation-state actors, pose an evolving risk to the everyday working of society.

The Network and Information Security Directive (NIS 1) set the precedent for EU legislation when it came to cybersecurity. Its goal was to achieve a high common level of cybersecurity across EU member states. It resulted in member states designating key “entities” as “operators of essential services” (OES) and led to regulations being put in place in national law around the area of cybersecurity, including incident notification by such entities.

Revised directive

Since the NIS 1 Directive was adopted, the threat landscape has moved on. As a result, the European Commission (EC) proposed a revised directive, NIS 2, which would widen the scope of the application to more entities in the sectors of the economy already within scope, as well as adding new sectors. The EC, when framing the proposed directive, also had the objective to create a high level of harmonisation with regard to security requirements and reporting obligations across the Union.

The new directive does away with the NIS 1 terms of OES and digital service provider (DSP) and instead replaces them with “important entities” and “essential entities”. The classification of organisations is determined by Annex I and II of the directive. By default, all entities belonging to a sector are automatically allocated to that category.

Read the full article on Eolas Magazine.

Mick Begley is our Chief Information Officer.