Skip to main content
Shaping Europe’s digital future

Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive)

The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.

    Digital icons of lock, internet, cloud and shield

© iStock by Getty Images -1169999045 aismagilov

The EU cybersecurity rules introduced in 2016 were updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape. By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.

The Directive on measures for a high common level of cybersecurity across the Union (the NIS2 Directive) provides legal measures to boost the overall level of cybersecurity in the EU by ensuring:

  • Member States' preparedness, by requiring them to be appropriately equipped. For example, with a Computer Security Incident Response Team (CSIRT) and a competent national network and information systems (NIS) authority,
  • cooperation among all the Member States, by setting up a Cooperation Group to support and facilitate strategic cooperation and the exchange of information among Member States. 
  • a culture of security across sectors that are vital for our economy and society and that rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.

Businesses identified by the Member States as operators of essential services in the above sectors will have to take appropriate security measures and notify relevant national authorities of serious incidents. Key digital service providers, such as search engines, cloud computing services and online marketplaces, will have to comply with the security and notification requirements under the Directive.

Latest News

PRESS RELEASE |
Commission presents new initiatives for digital infrastructures of tomorrow

The Commission has presented a set of possible actions to foster the innovation, security and resilience of digital infrastructures. The future competitiveness of Europe's economy depends on these advanced digital network infrastructures and services, since fast, secure, and widespread connectivity is essential for the deployment of the technologies that will bring us into tomorrow's world: telemedicine, automated driving, predictive maintenance of buildings, or precision agriculture.

Related Content

Big Picture

Cybersecurity Policies

The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure.

Dig deeper

NIS Cooperation Group

The Network and Information Systems Cooperation Group was established by the NIS Directive to ensure cooperation and information exchange among Member States.

See Also

The EU Cyber Solidarity Act

The EU Cyber Solidarity Act will improve the preparedness, detection and response to cybersecurity incidents across the EU.

22 Cybersecurity projects selected to receive €10.9 million

Operators of Essential Services (OES), National Cybersecurity Certification Authorities (NCCAs) and National Competent Authorities (NCAs) for cybersecurity are among the selected applicants that will receive €11 million in funding by the Connecting Europe Facility cybersecurity...

The EU Cybersecurity Act

The Cybersecurity Act strengthens the EU Agency for cybersecurity (ENISA) and establishes a cybersecurity certification framework for products and services.