The Cybersecurity Coalition submitted comments to the European Union Agency for Cybersecurity’s (ENISA) open consultation on its draft Implementing Guidance on the European Commission’s Implementing Regulation, which provides enumerated technical and methodological requirements related to the NIS 2 Directive. 

The NIS 2 Directive aims to enhance cybersecurity across the EU by mandating key entities manage risks to networks and information systems to minimize the impact of incidents. It entered into force on January 16, 2023 following its approval by the European Parliament and the Council of the European Union in 2022.

The Coalition and its member companies have actively engaged with ENISA, the European Commission, and other relevant European institutions throughout the development of the NIS 2 Directive. In August 2024, we submitted comments to the European Commission on its draft Implementing Regulation. While ENISA’s draft Implementing Guidance addresses several concerns raised in our earlier submission, some critical issues remain unresolved.

Our comments on the Implementing Guidance emphasize these remaining concerns, particularly regarding the technical and methodological requirements outlined in the Implementation Regulation’s Annex, which include items in the following areas:

  • Policy on the Security of Networks and Information
  • Risk Management Policy
  • Incident Handling
  • Supply Chain Security
  • Security in Network and Information Systems Acquisition, Development, and Maintenance
  • Human Resources Security
  • Asset Management

Additionally, we highlighted concerns about the Implementing Guidance’s alignment with other national and international standards and its applicability to organizations of varying sizes.

Luke O'Grady

Read Next

Trump EO Aims to Streamline Critical Infrastructure Resilience

In a move aimed at decentralizing incident-preparedness and response, President Trump signed an EO seeking to streamline the feds role in responding to incidents, like cyber attacks, and place decision-makin with State and locals.

Cybersecurity Regulatory Harmonization Hearing Highlights Need for Public Private Sector Partnerships

Private sector representatives emphasized the importance of streamlining cybersecurity regulations and improving information sharing efforts between the government and industry during a recent House hearing.

Industry Coalition Urges Commerce Secretary Lutnick to Prioritize Funding NIST Cyber Efforts

A letter addressed to Commerce Secretary Howard Lutnick from a coalition of industry organizations emphasizes the urgent need to sustain funding and support for the National Institute of Standards and Technology’s cybersecurity mission.