The UK is influenced by new EU cybersecurity rules

Pilar Arzuaga of McDermott Will & Emery analyses the EU and UK data protection landscapes following the recent introduction of the EU Network and Information Security 2 Directive.

On 28 November 2022, the Council of the European Union formally adopted the Network and Information Security 2 Directive (NIS 2 Directive), replacing the current NIS Directive (Directive 2016/1148/EC). On 27 December 2022, it was published in the Official Journal of the European Union. The NIS 2 Directive builds on the original NIS Directive (the first cybersecurity legislation in Europe) and extends its scope with the aim of further harmonising cybersecurity requirements in the European Union (EU) and strengthening security against cyberattacks across a broader range of sectors.

The NIS 2 Directive will enter into force 20 days following its publication in the Official Journal. EU Member States will have 21 months from the entry into force of the Directive to incorporate the NIS 2 Directive into national legislation, meaning the NIS 2 Directive will be in force by late 2024.

Continue Reading

UK Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.