New guidance issued on EU cybersecurity rules


The National Cyber Security Centre (NCSC) has published new guidance to help organisations comply with new EU cybersecurity rules.

The Network and Information Security Directive, or NIS2, was due to be adopted by EU Member States by 17 October 2024, but Ireland missed this deadline.

It requires organisations in both the public and private sector to boost their cyber defences.

NIS2 expands the scope of covered organisations and sectors to improve the security of supply chains.

There will be stricter requirements for enforcing cybersecurity, and more severe repercussions for non-compliance, including heavy fines and legal ramifications for managers.

The NCSC has published a new set of proposed Risk Management Measures (RMMs) and launched Cyber Fundamentals, a practical cyber security framework designed to help organisations comply with the NIS2 directive.

The centre said the framework provides a structured roadmap for the several thousand essential and important entities expected to come under the directive’s scope once it is transposed into Irish law in the coming months.

“A core challenge in this process has been determining how thousands of different businesses can demonstrate compliance with the directive’s broad security measure,” said Joseph Stephens, Director of Resilience at the NCSC.

“We’ve worked hard to develop a framework that provides clear guidance, while remaining flexible enough to accommodate organisations of different sizes, sectors, and risk profiles.”

“Teaming up with other countries like Belgium and Romania makes this a solution that will work across the EU,” Mr Stephens said.
