14,932
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: + + + + + + + + +
no edit summary
The "'''Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union'''" (aka '''Directive on European Cybersecurity''', aka '''NIS2''') is a provisional agreement by the European Council and European Parliament to strengthen EU-wide [[cybersecurity]] and [[Cyber Resiliency|resilience]].<ref>[https://www.consilium.europa.eu/en/press/press-releases/2022/05/13/renforcer-la-cybersecurite-et-la-resilience-a-l-echelle-de-l-ue-accord-provisoire-du-conseil-et-du-parlement-europeen/ Strengthening EU-wide cybersecurity and resilience – provisional agreement by the Council and the European Parliament, Press, EC]</ref>
The "'''Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union'''" (aka '''Directive on European Cybersecurity''', aka '''NIS2''') is a provisional agreement by the European Council and European Parliament to strengthen EU-wide [[cybersecurity]] and [[Cyber Resiliency|resilience]].<ref>[https://www.consilium.europa.eu/en/press/press-releases/2022/05/13/renforcer-la-cybersecurite-et-la-resilience-a-l-echelle-de-l-ue-accord-provisoire-du-conseil-et-du-parlement-europeen/ Strengthening EU-wide cybersecurity and resilience – provisional agreement by the Council and the European Parliament, Press, EC]</ref>
==Overview==
NIS2 amends and replaces the Directive on Security of Network and Information Systems (NIS) enacted in 2016. Member States have to transpose the Directive into national law and directly applicable measures by 18 October 2024. NIS2 imposes cybersecurity measures and reporting obligations to essential and important entities and includes fines. Its scope includes top-level domain name registries and domain name system service providers that are under the jurisdiction of the Member State where they have their EU establishment. If they are not established in the EU but offer services in the Union, they should designate a representative. The Commission must specify the cybersecurity risk management measures and reporting obligations for DNS providers and TLD registries via implementing acts by October 2024. EU Member State laws implementing NIS2 shall require registries and registrars to:
# collect and maintain accurate and complete domain name registration data in a dedicated database;
# have policies and procedures, including verification procedures, in place to ensure accurate and complete information;
# make publicly available the domain name registration data which are not personal data;
# provide access to specific domain name registration data upon lawful and duly substantiated requests by legitimate access seekers, reply without undue delay and in any event within 72 hours of receipt of any requests for access; and
# cooperate with each other to avoid duplication of collecting domain name registration data.<ref>[https://icann76.sched.com/event/1J2JQ/gnso-rysg-geotld-group-nis2-impact-on-the-registration-procedure NIS2 Impact, ICANN76]</ref>
==Objectives==
==Objectives==