Implementing Directive (UE) 2016/1148 (NIS) and Directive (UE) 2022/2555 (NIS2): An overview of the current situation in Portugal
- The NIS Directive brought about a shift in the institutional and regulatory approach to cybersecurity, yet it encountered challenges leading to fragmentation among Member States.
- The NIS 2 Directive was issued on December 14, 2022, aiming to enhance cybersecurity across the EU and requiring Member States to transpose it into their national laws by October 17, 2024.
- Directive NIS 2 introduces a range of changes from its predecessor, notably expanding the scope of application, implementing improvements on risk management and organizational awareness, establishing new incident notification criteria and introducing new entities such as EU-CyCLONe to bolster cooperation among Member States.
- Portugal is urged to adhere to the standardized approach outlined at EU level by implementing the NIS 2 Directive without deviation, as a centralized and uniform evaluation method ensures equal standards and fair competition among market operators.