Uutiset-näyttösivun murupolku en

New regulation for operators due to the Cybersecurity Act – attend webinars

1.11.2024 | Published in English on 7.11.2024 at 10.02

The new Cybersecurity Act that is currently being discussed by Parliament will enforce the Cybersecurity Directive (the ‘NIS2 Directive’). The aim is to ensure a common level of cybersecurity across the European Union. 

The legislative proposal introduces new obligations for several sectors, including operators supervised by the Finnish Medicines Agency (Fimea).  The new obligations include:

  • Obligation to register as an operator

  • Cybersecurity risk management obligations

  • Cybersecurity incident reporting obligations  

According to the draft Cybersecurity Act, the following key operators will be subject to Fimea’s control in Finland, among others:

  • Manufacturers of medicinal substances and medicines

  • Manufacturers of medical devices and in vitro medical devices for diagnostics

  • Blood establishments

  • Operators involved in the research and development of medicines

  • Pharmacies

  • Other potential medical device operators as specified in more detail in the Cybersecurity Act

In the draft Cybersecurity Act currently being processed by Parliament, companies to be monitored are defined primarily on the basis of their size.  Following the entry into force of the Act, control measures will be targeted in particular at large and medium-sized enterprises. According to the legislative proposal, these include companies employing more than 250 people and those employing more than 50 people respectively.

Operator registration through e-services

Fimea will publish instructions on electronic submission and registration as an operator in accordance with the Cybersecurity Act for operators controlled by Fimea when the Cybersecurity Act enters into force. 

Enter a webinar date in your calendar now – questions can also be sent in advance 

Fimea will arrange two webinars on the Cybersecurity Act and registration procedure:

  • One primarily aimed at the pharmaceutical sector and blood establishments on 3 December 2024 from 13:00 to 15:00.

  • One primarily aimed at medical device operators on 17 December 2024 from 13:00 to 15:00 (PLEASE NOTE the changed date).

The webinars will be live webcasts open to anyone. The content of both webinars will be the same, but the Fimea control specialists in attendance will change.

You can therefore attend either webinar, but detailed questions about a specific control area should be posed in the webinar primarily dedicated to that area. A more detailed schedule and instructions on how to send questions in advance will be published closer to the webinars.

Read more

NIS2 – European Union Cybersecurity Directive (National Cyber Security Centre Finland)

Government proposal HE57/2024 (Eduskunta)

NIS2 Directive (EU)

Ask more

  • [email protected]
  • Johanna Linnolahti, Development Manager (Supervision and availability), tel. +358 29 522 3231
  • Monica Pelasoja, assistant, tel. +358 29 522 3224
  • Email address format: [email protected].

Uutiset-näyttösivun linkit en

Tulosta-painike en