It was growing threat levels and an increase in reported cybersecurity attacks since digitalization which pushed the European Union to introduce the original Network and Information Security (NIS) Directive in 2016.
The rules at the time went some way towards increasing the defence capabilities of member states, but it soon become apparent that an upgrade was needed to boost the cybersecurity of critical infrastructure too. Step forward the NIS2 directive, due to become law in October 2024 and affecting more than 160,000 companies under its jurisdiction, with a maximum fine of €10 million for non-compliance.
