A tough new EU cyber law is off to a messy start, with many countries failing to adopt the rules

New European Union regulations requiring businesses to bolster their cyber defenses are off to a slow start, as many member states have failed to adopt the rules in time to meet a key enforcement deadline, according to research monitoring the progress of the directive.

The EU’s NIS 2 cybersecurity directive sets a high benchmark for companies over their internal cybersecurity systems and practices. It imposes tougher requirements around risk management, transparency obligations and business continuity planning in the event of a cyber breach.

On Thursday, the new directive officially became enforceable by member states. That means firms have to now ensure their operations are up to scratch with the rules. However, most EU member states have yet to implement NIS 2 in their own respective national laws, meaning that enforcement is likely to be spotty.

Two countries — Portugal and Bulgaria — haven’t begun the transposition process for NIS 2, where directives are incorporated into the national laws of EU member states, according to a tracker tool from internet research organization DNS Research Federation. The governments of Portugal and Bulgaria were not immediately available for comment when contacted by CNBC Wednesday.

“The implementation status varies significantly across the bloc,” Tim Wright, partner and technology lawyer at Fladgate, told CNBC via email.

What is NIS 2?

Will it be effective?

What if a company fails to comply?
