# The European NIS2 Directive: A New Shield for Cybersecurity in Europe
In recent years, cyber threats have taken on a new dimension, posing an increasing danger to businesses and public institutions. The European NIS2 Directive aims to tackle this challenge with stricter rules for the security of networks and information. This new regulatory framework, which updates guidelines dating back to 2016, has been developed in response to events such as the COVID-19 pandemic and the invasion of Ukraine, which have put the European computer system to the test.
### Objectives of the NIS2 Directive
The primary goal of NIS2 is to raise cybersecurity levels in Europe through stronger cooperation between member states. This implies greater accountability for public and private companies, requiring them to strengthen their countermeasures against cyber threats. As of mid-October 2024, the regulation became operational in Italy, marking an important step towards a more resilient IT architecture.
### Sectors Subject to Regulatory Requirements
The directive involves a wide range of sectors deemed essential for the European economy. In particular, the rules will apply to large companies (with over 250 employees or revenue exceeding 50 million euros) and medium-sized enterprises (up to 50 employees or revenue over ten million euros). Furthermore, small and micro-enterprises may also be included, depending on their role or significance in the value chain.
The sectors that will need to comply are well eighteen, divided into two categories. Ten are considered “highly critical” and include:
– Energy suppliers
– Transportation
– Banking sector
– Financial market infrastructures
– Healthcare
– Water distribution
– Wastewater collection and disposal
– Digital infrastructures
– Information and communication technologies (ICT)
– Space services
The “other critical sectors” include:
– Postal services
– Waste management
– Manufacture and distribution of chemicals
– Food sector
– Production of technological devices
– Digital service providers
– Research organizations
In this context, public administration and other activities such as public transport are also included among the entities to which the regulation applies.
### The Role of the National Cybersecurity Agency
The National Cybersecurity Agency (Acn) is tasked with a fundamental role in the implementation of the NIS2 Directive. It will serve not only as a reference point for European institutions in the field of cybersecurity but also as the body responsible for managing cyber incidents in the country.
In particular, the Acn will be responsible for classifying companies into two categories: essential and important. This distinction, based on criteria of sector relevance, will allow for the application of new regulations in a proportional and specific manner. Companies classified as essential will be subject to more severe penalties in the event of non-compliance with the directives.
### How Companies Can Learn More
Companies that are interested in understanding whether NIS2 applies to them must register on the dedicated Acn platform. Starting from December 1, 2024, the contact point within the organization will need to register by filling out a series of requested information, including legal title, tax code, and the company’s IPA code.
After registration, Acn will send a validation link, through which companies will need to provide additional information to determine if they fall within the scope of NIS2. This registration process must be completed by February 28, 2025, but with varying deadlines for certain categories of critical services, which must register by January 17, 2025.
By March 31, 2025, companies…
