Supervision of cybersecurity and resilience

The new EU Cybersecurity Directive NIS2 replaces the previous EU Network and Information Security Directive (NIS Directive). The Cybersecurity Directive will be implemented by the new Cybersecurity Act, which regulates the management of cybersecurity risks. The goal is to ensure a common level of cybersecurity across the Union. 

The CER Directive (Critical Entities Resilience Directive) concerns the resilience of entities critical to the functioning of society. With regard to cybersecurity risk management and incident reporting, entities identified as critical under the CER Directive are subject to obligations under the NIS2 Directive. The scope of the CER Directive covers a wide range of sectors, including health. The general act related to the CER Directive is prepared by the Ministry of the Interior. It is estimated that the identification of entities defined as critical under the CER Directive will take place in 2026.