The Cybersecurity Coalition submitted comments to the European Union Agency for Cybersecurity’s (ENISA) open consultation on its draft Implementing Guidance on the European Commission’s Implementing Regulation, which provides enumerated technical and methodological requirements related to the NIS 2 Directive.
The NIS 2 Directive aims to enhance cybersecurity across the EU by mandating key entities manage risks to networks and information systems to minimize the impact of incidents. It entered into force on January 16, 2023 following its approval by the European Parliament and the Council of the European Union in 2022.
The Coalition and its member companies have actively engaged with ENISA, the European Commission, and other relevant European institutions throughout the development of the NIS 2 Directive. In August 2024, we submitted comments to the European Commission on its draft Implementing Regulation. While ENISA’s draft Implementing Guidance addresses several concerns raised in our earlier submission, some critical issues remain unresolved.
Our comments on the Implementing Guidance emphasize these remaining concerns, particularly regarding the technical and methodological requirements outlined in the Implementation Regulation’s Annex, which include items in the following areas:
- Policy on the Security of Networks and Information
- Risk Management Policy
- Incident Handling
- Supply Chain Security
- Security in Network and Information Systems Acquisition, Development, and Maintenance
- Human Resources Security
- Asset Management
Additionally, we highlighted concerns about the Implementing Guidance’s alignment with other national and international standards and its applicability to organizations of varying sizes.
Read Next
Cybersecurity Coalition Comments on CRA Implementing Regulation on Technical Descriptions of Products with Digital Elements
The Cybersecurity Coalition submitted comments to the European Commission’s open consultation on its draft Implementing Regulation on critical products with digital elements.
Cybersecurity Coalition Comments on UK Ransomware Proposals
The Cybersecurity Coalition submitted comments to the Home Office’s open consultation on Ransomware legislative proposals: reducing payments to cyber criminals and increasing incident reporting.
EU Releases Digital Europe Work Programmes for 2025-2027
The European Commission and the European Cybersecurity Competence Centre both released Work Programmes, which describe funding for the EU’s Digital Europe Programme.