NIS2 implementation enters the final stretch six months to deadline Inside Privacy

pUpdates on developments in data privacy and cybersecurityppIn six months time on 17 October 2024 Member State laws that transpose the EUs revised Network and Information Systems Directive NIS2 will start to apply  As described in more detail in our earlier blog post here NIS2 significantly expands the categories of organizations that fall within scope of EU cybersecurity legislation This new crosssector law imposes additional and more granular security and incident reporting rules enhanced governance requirements that apply to organizations management bodies and creates a stricter enforcement regimeppOrganizations that are preparing for NIS2 need to keep a watchful eye on national implementing laws competent authorities and secondary legislation from the Commission on some of the substantive requirementsppSome Member States eg Croatia have already passed their transposing legislation and others eg Germany and Belgium have published draft laws that are going through the legislative process Despite the October deadline many Member States have not yet published drafts or started their legislative process NIS2 is a minimum harmonization law meaning that Member States implementing laws can impose additional obligations beyond those set out in the text of the Directive ppAs we enter the last six months before national laws start to apply establishing which Member States competent authorities will have jurisdiction to enforce NIS2 will also be a critical assessment for regulated entitiesppWe also expect to see European Commission implementing acts that will flesh out NIS2 obligations complementing guidance the Commission published earlier this year see our blog here These implementing acts were expected to be published in early 2024 but have not yet materialized Watch this spacepp                                            ppThe Data Privacy and Cybersecurity Practice at Covington has deep experience advising on privacy and cybersecurity issues across Europe including on NIS NIS2 and other cyberrelated regulations If you have any questions about Member State transpositions of NIS2 how NIS2 will affect your business or about developments in the cybersecurity space more broadly our team would be happy to assistppMark Young an experienced tech regulatory lawyer advises major global companies on their most challenging data privacy compliance matters and investigationsppMark also leads on EMEA cybersecurity matters at the firm He advises on evolving cyberrelated regulations and helps clients respond toppMark Young an experienced tech regulatory lawyer advises major global companies on their most challenging data privacy compliance matters and investigationsppMark also leads on EMEA cybersecurity matters at the firm He advises on evolving cyberrelated regulations and helps clients respond to incidents including personal data breaches IP and trade secret theft ransomware insider threats and statesponsored attacksppMark has been recognized in Chambers UK for several years as a trusted adviser practical resultsoriented and an expert in the field fast thorough and responsive extremely pragmatic in advice on risk and having great insight into the regulatorsppDrawing on over 15 years of experience advising global companies on a variety of tech regulatory matters Mark specializes inppPaul Maynard is an associate in the technology regulatory group in the London office He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech cloud computing and onlineppPaul Maynard is an associate in the technology regulatory group in the London office He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech cloud computing and online platforms He also advises clients on how to respond to law enforcement demands particularly where such demands are made across bordersppPaul advises emerging and established companies in various sectors including online retail software and education technology His practice covers advice on new legislative proposals for example on eprivacy and crossborder law enforcement access to data advice on existing but rapidlychanging rules such the GDPR and crossborder data transfer rules and on regulatory investigations in cases of alleged noncompliance including in relation to online advertising and cybersecurityppAleksander advises clients on legal problems associated with data protection cybersecurity and new technologies He holds degrees in both law and computer engineering which he combines to provide advice that is both legally sound and technologically pragmaticppAleksander has advised companies governments andppAleksander advises clients on legal problems associated with data protection cybersecurity and new technologies He holds degrees in both law and computer engineering which he combines to provide advice that is both legally sound and technologically pragmaticppAleksander has advised companies governments and charitable organizations on a range of technology law issues including data breach response compliance with privacy and cybersecurity laws and IT contract negotiations In addition to his experience advising on European law Aleksander is Australianqualified and has significant experience advising clients in the AsiaPacific particularly on Australian and Hong Kong lawppppAttorney AdvertisingppRepeatedly ranked as having one of the best privacy practices in the world Covington combines exceptional substantive expertise with an unrivaled understanding of the IT industry and of ecommerce and digital media business models in particularp