How NIS2 and DORA seek to strengthen cybersecurity for enterprises in the EU
By Frederik Mennes, February 22, 2023
Digitalization and technological advancements have often increased the risk of cyberthreats to information and communications technology (ICT) frameworks across industries, particularly in the financial sector. What’s more, these threats can have serious consequences, including the loss of sensitive financial data, operational disruption, and financial instability.
In response, the European Union is seeking to:
1. bolster the stability and security of the wider European economy,
2. enhance the protection of consumers’ financial data, and
3. mitigate critical cyber-risks.
Today, I’ll provide a broad introduction to two key pieces of legislation that aim to further these goals by enhancing operational resilience to cyberattacks across the financial system and key economic sectors: DORA and NIS2.
#1: What are NIS2 and DORA?
NIS2, or the second network and information security directive, applies in the European Union, across industry verticals. Its purpose is to strengthen ICT network and information security in critical sectors in EU member states. It has been adopted by the European Parliament and is expected to become effective by the end of 2024.
NIS2 is the successor to NIS, which has already been around for a couple of years. NIS2 contains amendments to the original directive and expands the number of covered sectors compared to NIS1. It also expands the number of critical entities compared to NIS1. It’s