Latest Posts:
Search for:

Analyzing critical legal trends and developments across data, cyber, AI and digital regulations from around the world and beyond borders

In Cybersecurity

Europe’s enhanced cybersecurity regime: Who does NIS2 apply to and what are the key obligations?

by , , and 2 Mins Read

Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (“NIS2 Directive“) entered into force on January 16, 2023. It had to be transposed into national law by October 17, 2024. Only 9 Member States have transposed the provisions of the NIS2 Directive into national law so far, and it is likely that a significant number of Member States will need some time – see our post EU NIS2 implementation: where are we now? for a more detailed timeline. Nevertheless, companies are well advised to familiarize themselves with the new requirements and to provide for their implementation.

The NIS2 Directive extends the scope of application of security requirements for networks and information systems (“NIS”) to include numerous additional sectors compared to the previous NIS Directive (Directive (EU) 2016/1148). It also extends the range of obligations for public and private institutions. This means that companies that fall within the scope of the NIS2 Directive are subject to extensive new obligations. You can see a summary of the scope of application of NIS2 below; click here for a more detailed breakdown of which companies are covered by the NIS2 Directive, the obligations it imposes, sector-specific rules and possible effects of minimum harmonization, the sanctions in the event of a breach, and jurisdiction and territoriality under NIS2.

Categories:
Tags:
Author

Dr. Michaela Nebel is a partner in the Frankfurt office of Baker McKenzie. Michaela advises German and international companies on all aspects of information technology law, data protection law, IT contract law as well as on e-commerce, IT / data litigation related matters. Her practice covers in particular advice of companies on issues concerning domestic and cross-border data privacy law.

Author

Dr. Lukas Feiler, SSCP, CIPP/E, heads the Firm’s Commercial, Data, IPTech and Trade practice in Vienna. He is specialized in technology litigations, focusing on regulatory and civil disputes in the areas of data protection, AI, and platform regulation. Building on his litigation expertise, Lukas advises clients on strategic compliance issues in the areas of cyber security, data protection, and AI. Lukas also leads the AI Desk in Vienna and is a member of the Firm’s EMEA Data Privacy & Security leadership team. Lukas regularly represents clients before the Austrian Supreme Court, the Austrian Administrative Supreme Court, the European Commission, and the EU’s General Court and the CJEU.

Author

Caroline Heinickel is a Senior Counsel in Baker McKenzie’s Frankfurt office. Caroline leads the German telecommunications law practice. Caroline advises and represents companies and public authorities with a particular focus on telecommunications law, IT security and EU law matters. She regularly advises clients in a broad range of telecommunications regulatory, including representation before the Federal Network Agency and the German courts, in infrastructure projects and telecommunications transactions as well as in cybersecurity matters.

Author

Silvia Grohmann, CIPP/E is an associate at the Vienna office of Baker McKenzie. The landscape of EU legislation in the technology law sector is one of her areas of expertise. Her practice has a particular focus on providing strategic advisory in the areas data protection law, cybersecurity and AI. Silvia is well known to consistently publish articles on current legal issues related to emerging technologies and has made a name for herself amongst the industry with her strategic analyses and practical advice.

Related Posts