As there have been more and more questions on one particular topic in the last few weeks, we decided to dedicate the first few posts to the new European NIS2 Directive, simply called the Cyber Security Directive.
Why isn't one post on this topic enough? It's simple, you can find an endless amount of articles about NIS2 nowadays, but you turn to us that even after reading them it's difficult to get a handle on the subject. So we will divide NIS2 into several parts for you, each of which will deal with a different detail.
We'll explain the basic facts in the introductory post, and we'll add a schedule of other NIS2 posts at the end, so you'll know in advance what to expect in the days ahead.
It has to be said that the aim is not to explain the NIS2 Directive in detail, rather we want to offer you a simpler orientation on the subject, we will focus mainly on who is affected by NIS2 and what obligations the new Directive entails.
NIS 2 and the new law on cyber security
As such, the bill was approved by the Government on 17 July 2024. The next step in the legislative process is the discussion of the bill in the Chamber of Deputies. The actual text of the proposal and further information on the legislative process can be found at this link.
According to the NIS Directive2 , the transposition deadline is set for the new law to enter into force by 18 October 2024. Given the progress of the legislative process, we expect the law to enter into force at the beginning of 2025. The deadlines for the fulfilment of the other obligations will depend on the final effective date of the law.
Key facts
- NIS2 (NIS = Network and Information Security) is a directive of the European Parliament and the Council of the EU
- NIS2 builds on the 2016 NIS1 Directive and applies from 16 January 2023
- EU Member States have until 17 October 2024 to implement NIS2 in their local legislation
- NIS2 expands the range of companies and organisations whose cyber security will have to comply with statutory measures
- According to various sources, NIS2 will directly affect between 6,000 and 10,000 companies and organisations in the Czech Republic
- mpanies and organisations in the Czech Republic Therefore, the Czech legislation amends the Act on Cyber Security (ZoKB), which is an application of the NIS2 directive
The most significant changes in cyber law
- Significant expansion of companies and organizations that will have to meet increased demands on the cybersecurity of their operations
- The NIS2 regulation introduces several new cybersecurity measures for obliged persons, who will also have to register themselves in the register maintained by the NCIS
So that was really just a short introduction to the issue, the next post will focus on who NIS2 will affect.
Your Safee team