ENISA Calls for Feedback on NIS2 Implementation for Digital Infrastructure
The European Union Agency for Cybersecurity (ENISA) is inviting industry stakeholders to comment on the technical guidance for the NIS2 implementing act regarding cybersecurity measures for critical entities in the digital infrastructure sector.
This guidance aims to assist EU Member States and entities in implementing the technical and methodological requirements of the NIS2 cybersecurity risk-management measures, as outlined in the Commission Implementing Regulation (EU) 2024/2690. Stakeholders are encouraged to provide feedback on the draft guidance by December 9, 2024, at 18:00 CET.
ENISA’s technical guidance offers additional advice and explanations on implementing the requirements, clarifying concepts and terms used in the legal text. It includes examples of evidence to assess compliance and tables mapping the security requirements in the Implementing Regulation to European and international standards, as well as national frameworks. This effort is part of a collaborative initiative with the European Commission and EU Member States through the NIS Cooperation Group.
The NIS2 Directive, which EU Member States were required to transpose into national legislation by October 17, 2024, seeks to enhance cybersecurity across Europe, particularly in critical sectors. The implementing rules adopted by the European Commission on the same date specify the cybersecurity risk-management measures for entities in various digital infrastructure sectors, including DNS service providers, cloud computing service providers, and social networking platforms.