On 28 November 2022, the Council announced it has adopted the Directive on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016/1148 (“NIS2 Directive”).
This follows the European Parliament’s approval of the NIS2 Directive on 10 November 2022. See press release here.
Among others, the NIS2 Directive introduces a size threshold rule for identifying the entities falling under its scope as opposed to the old NIS Directive where Member States were responsible for determining which entities would meet the criteria to qualify as operators of essential services.
See our last year article of the NIS2 Directive draft.
The NIS2 Directive will now have to be published in the Official Journal of the European Union. It will enter into force on the twentieth day following this publication and Member States will have 21 months from its entry into force to transpose it in the national legislation.
The press release is available here.