NIS 2 Directive, CER Directive and DORA – Important EU cybersecurity-related legislative acts come into force

Three important EU cybersecurity-related legislative acts have finally been published in the EU Official Journal on 27 December 2022 and will come into force on 16 January 2023:

  • NIS 2 Directive,
  • CER Directive and
  • DORA.

All aiming at strengthening the resilience of certain entities and partly overlapping in the scope of application, these legislative acts have different focus areas: While the NIS 2 Directive aims to respond to the security concerns for the cyber dimension, the RCE Directive sets out rules to reduce the vulnerabilities and strengthen the physical resilience of critical entities. The DORA on its part, lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities and addresses both, the digital as well as physical dimension.

As to the next steps, by 17 October 2024, Member States will need to adopt and publish the measures necessary to comply with the NIS 2 as well as the CER Directive. They will apply those measures from 18 October 2024 and the DORA will apply from 17 January 2025.

The article describes the key takeaways of the new legislation and highlights some important actions organisations should have in place before the DORA respectively the national implementation of the NIS 2 and CER Directives apply.

Click here to read the full article

Latest insights

More Insights
Suspension bridge over water at sunset

Generative AI in retail: Opportunities, Risks and Regulation in Australia

May 30 2024

Read More
Curiosity line yellow background

From traditional wisdom to global innovation: a fairer future with the WIPO traditional knowledge treaty

May 29 2024

Read More
Yellow curiosity line

BAN on the export of waste for disposal from 2026

May 29 2024

Read More

Related capabilities