The European Union Agency for Cybersecurity (ENISA) released draft technical guidance for the cybersecurity measures outlined in the NIS2 Directive’s Implementing Regulation (EU) 2024/2690. Industry stakeholders are invited to provide feedback on the draft guidance, which aims to support EU Member States and critical digital infrastructure entities in implementing robust cybersecurity risk-management measures.

The NIS2 Directive, which came into effect on October 17, 2024, sets out a new EU-wide framework to bolster cybersecurity resilience across critical sectors. ENISA’s technical guidance supplements this directive, offering practical advice and tools to ensure compliance with the newly adopted Commission Implementing Regulation.

The guidance is designed to help stakeholders navigate the technical and methodological requirements specified under NIS2. Key features include:

• Explanatory Support: Clarifications on legal terms and additional tips for interpreting and applying the requirements.

• Compliance Tools: Examples of evidence entities can provide to demonstrate compliance with the outlined measures.

• Standard Mapping: Tables linking NIS2 security requirements to European and international standards, as well as national cybersecurity frameworks.

This practical approach aims to ensure that entities such as DNS service providers, cloud computing providers, and managed security service providers can align their cybersecurity practices with NIS2’s rigorous expectations.

ENISA is inviting stakeholders from the digital infrastructure sector to review and comment on the draft guidance. Feedback can be submitted until December 9, 2024, at 18:00 CET, through the agency’s consultation platform. Detailed instructions for submitting comments are available online.

The draft guidance marks a collaborative effort between ENISA, the European Commission, and Member States via the NIS Cooperation Group. It is part of a larger initiative to ensure the successful implementation of the NIS2 Directive, which aims to enhance the cybersecurity posture of Europe’s critical infrastructure.

The NIS2 Directive expands upon its predecessor, establishing comprehensive cybersecurity measures for critical entities, including data centers, online platforms, and content delivery networks. The directive’s goal is to create a unified and resilient cybersecurity framework across the EU.

For more details or questions regarding the consultation process, stakeholders can contact ENISA via email at [email protected].

Need Help?

If you have questions or concerns about any global guidelines, regulations and laws, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.