The Cybersecurity Coalition submitted comments to the European Union Agency for Cybersecurity’s (ENISA) open consultation on its draft Implementing Guidance on the European Commission’s Implementing Regulation, which provides enumerated technical and methodological requirements related to the NIS 2 Directive.
The NIS 2 Directive aims to enhance cybersecurity across the EU by mandating key entities manage risks to networks and information systems to minimize the impact of incidents. It entered into force on January 16, 2023 following its approval by the European Parliament and the Council of the European Union in 2022.
The Coalition and its member companies have actively engaged with ENISA, the European Commission, and other relevant European institutions throughout the development of the NIS 2 Directive. In August 2024, we submitted comments to the European Commission on its draft Implementing Regulation. While ENISA’s draft Implementing Guidance addresses several concerns raised in our earlier submission, some critical issues remain unresolved.
Our comments on the Implementing Guidance emphasize these remaining concerns, particularly regarding the technical and methodological requirements outlined in the Implementation Regulation’s Annex, which include items in the following areas:
- Policy on the Security of Networks and Information
- Risk Management Policy
- Incident Handling
- Supply Chain Security
- Security in Network and Information Systems Acquisition, Development, and Maintenance
- Human Resources Security
- Asset Management
Additionally, we highlighted concerns about the Implementing Guidance’s alignment with other national and international standards and its applicability to organizations of varying sizes.
Read Next
CDM 2.0: Advancing Federal Cybersecurity
As federal agencies modernize IT systems, the Continuous Diagnostics and Mitigation Program must as well. This paper details recommendations on how CDM can evolve to meet new demands and threats.
Digital Evidence in Europe: Persistent Challenges, Practical Solutions
"Digital Evidence in Europe: Persistent Challenges, Practical Solutions" focuses on the transformative opportunity — and challenges ahead — presented by the EU’s upcoming e-Evidence framework.
S3 Ep 02: International Cyber Regulatory Alignment, UK Cyber Resilience
In the latest Distilling Cyber Policy podcast our hosts continue the season’s run of returning guests with a conversation featuring Irfan Hemani, discussing international cyber regulatory alignment and the growing challenge of overlapping rules.
