Communications Litigation Today was a Warren News publication.

EU Governments Provisionally Agree on Updated Network Security Rules

Stronger EU cybersecurity rules advanced Friday when government and European Parliament negotiators agreed provisionally to the revised network and information security directive (NIS2). If approved by European Council members and the full Parliament, the measure would set the baseline for cybersecurity risk management measures and reporting obligations across several sectors, the Council said. One is digital infrastructure: The directive would apply to providers of public electronic communications services, digital services and domain name system services (see 2103220038). NIS2 introduces a size-cap rule under which all medium and large entities within the relevant sectors would be subject to the rules. Negotiators agreed on other provisions to ensure proportionality, a higher level of risk management and "clear-cut criticality criteria" for determining which enterprises are covered. The provisional accord also streamlines reporting requirements. The European Commission welcomed the political agreement, saying its next move will be a cyber-resilience act to ensure that digital products are more secure.