European Parliament Adopts Draft Cybersecurity Directive
On October 28, 2021, the European Parliament’s Committee on Industry, Research and Energy adopted a draft directive on cybersecurity (NIS2 Directive).
The new draft law would set tighter cybersecurity obligations in terms of risk management, reporting obligations and information sharing. EU countries would have to meet stricter supervisory and enforcement measures, and harmonise their sanctions regimes.
Compared to the existing legislation, the new directive would oblige more entities and sectors to take measures. “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors would be covered by the new security provisions. In addition, the new rules would also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers.