Application Domain Network and Information Security (NIS2)
摘要
In 2022, the new regulation on Network and Information Security (NIS2) was officially published by the European Union (EU). NIS2 enacts stricter regulation on cybersecurity compared to NIS, with an emphasis on reporting obligations and notifications, and stipulates tougher enforcement and higher penalties for violating NIS2 clauses. In this context, NIS2 sets out distinct measures aimed on achieving a higher maturity level of cybersecurity across the West European EU-Member States. These measures include obligations for EU-Member States like adopting national cybersecurity strategies, establishing competent authorities and cyber crisis management authorities, designating single points of contact on cybersecurity issues, and others. NIS2 entered into force on January 16th, 2023, and shall be implemented in national law by EU Member States by October 2024. However, the implementation of the NIS2 Directive across the EU is uneven. Despite the October 17, 2024 deadline, many EU-Member states are still in the process of transposing the directive into national law. As on March 2025 only six EU-Member States achieved full implementation. In total, proactive and targeted measures are needed to meet the requirements of the NIS2 Directive in an effective and efficient manner. This need to improve the resilience of digital ecosystems like critical infrastructure, digital service providers and other entities, against cyber risks to ensure a coordinated response across EU-Member States. Thus, the NIS2 Directive require organizations to adopt fundamental cybersecurity measures, by means of the exact scope of compliance. Given that fact, this chapter introduce in Sect. 4.1 into aims and scope of the NIS2 Directive from an application-oriented perspective, while Sect. 4.2 refers to the compliance and regulatory pressure from the NIS2 Directive. Thereafter, Sect. 4.3 focus on liability issues referring to NIS2, while Sect. 4.4 give essential practical measures applicable for organizations with regard to the requirements in NIS2 Article 21.2, to be fulfilled. Section 4.5 introduce in detail how organizations should prepare in general for NIS2 requirements and Sect. 4.6 gives important practical examples for their realization of business continuity planning in regard to NIS2 requirements. Section 4.7 finally focus on elementary requirements to build up an emergency communication plan that fit to NIS2. Section 4.8 contains comprehensive questions, followed by references.