Social consultation on the implementation of NIS2

Social consultation on the draft legislation on the implementation of the NIS2 Directive has been completed. What comes next?

The decree was published on January 31, 2024, in kormany.huwebsite, where more than 100 pages of documentation are available to the public. The deadline for social consultation expired on 8 February 2024, after which only minor changes are expected in the text of the regulation and the final wording is expected to appear on 6 March.

A NIS2 DirectiveIt covers actors in high-risk and high-risk sectors as well as their respective supply chains and supplier relationships. The sectors concerned include energy, transport, health, postal and courier services. It is clearly a matter of preparation affecting a large number of companies, requiring serious cyber protection measures, the deadline for which is dangerously approaching.

The regulation imposes strict and extensive requirements on the companies covered by it. Those affected have just over 8 months left to prepare for registration as well as for the audit.

Companies that are not covered by the regulation should not be left behind either, as NIS2 requires supply chain protection and risk management. In other words, those affected will demand stricter measures from their subcontractors and suppliers in order to facilitate their procedures and administration.

Safety classification and applicable protection measures min. Regulation

The purpose of this Regulation is Directive 2022/2555 of the European Parliament and of the Council on measures to ensure a uniform high level of cybersecurity throughout the Union and amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972 and repealing Directive (EU) 2016/1148 (hereinafter: NIS 2 Directive) the establishment of a system of requirements necessary for its implementation, the requirements for classification in the safety class and the specific protection measures to be applied to each safety class. In addition to a set of requirements to strengthen the cyber defence capabilities of organisations and their systems, the Regulation also sets out a framework to facilitate the application of the requirements and their integration into organisational functioning.

Sources:

• https://kormany.hu/dokumentumtar/biztonsagi-osztalyba-sorolas-es-alkalmazando-vedelmi-intezkedesek-min-rendelet

Author:
D. István Laszlo