The European Parliament adopts NIS2 and DORA proposals
The NIS2 Directive will impose stricter cybersecurity obligations on a broad range of entities operating in critical infrastructure sectors (such as digital infrastructure, banking, energy, health, transportation, space and public administration) and so-called “important sectors” (such as food, chemicals, electronics, machinery, medical device manufacturing, motor vehicles and digital providers). Unlike the current NIS Directive, where entities in specific sectors need to be designated based on certain criteria as operators of essential services or digital service providers in order to be in scope, all large and medium-sized companies in these sectors will be covered by the NIS2 obligations. The NIS2 Directive will tighten, among other things, the rules on risk management, supply chain cybersecurity, incident reporting, information sharing and vulnerability disclosure. You can read A&O blogs about the NIS2 Directive here, here, and here.
The DORA offers a digital operational resilience framework for a wide range of financial institutions (e.g. credit institutions, payment and electronic money institutions, trading venues, central securities depositories and crypto-asset service providers) to ensure institutions are able to protect against, respond to and recover from different ICT-related attacks and threats. You can read A&O's blog about the DORA here and listen to podcasts here.