Supporting NIS2 implementation through actionable guidance

Under the NIS 2 Directive, EU Member States set requirements for cybersecurity risk management measures at national level in critical sectors, for example digital infrastructures, energy, transport or health. For the NIS 2 Digital Infrastructure and the ICT service management sectors these cybersecurity requirements are defined at EU level, by the Commission Implementing regulation 2024/2690 of 17 October 2024. ENISA now publishes a technical guidance to support companies in these sectors with the implementation of this regulation. Juhan Lepassaar, Executive Director at ENISA stated: “The implementation of NIS 2 is a top priority for ENISA. The Agency is pushing for more alignment and simplification. To achieve that, we are developing practical and technical cybersecurity guidance to support the implementation of cybersecurity measures, on their way to improve the cybersecurity maturity in Europe’s critical sectors.”This ENISA technical guidance was developed in collaboration with the NIS Cooperation group and the Commission, and we collected feedback from the private sector via an open consultation. The document provides guidance in the following cybersecurity requirements of the NIS 2 Implementing Regulation: Policy on the security of network and information systems Risk management policy  Incident handling Business continuity and crisis management  Supply chain security Security in network and information systems acquisition, development and maintenance Policies and...