The NIS Directive— the first EU cybersecurity law — is the first horizontal internal market instrument aimed at improving the resilience of network and information systems in the Union against cybersecurity risks. Despite its notable achievements, the NIS Directive has shown certain limitations. The digital transformation of society, intensified by the COVID-19 crisis, has expanded the threat landscape. New challenges have appeared, which require adapted and innovative responses.

On 16 January 2023, the revised EU Cybersecurity Directive, Directive (EU) 2022/2555 (known as the Network and Information Security Directive, NIS2) entered into force, creating a modernised and more harmonised cybersecurity framework for organisations within the European Union. NIS 2 extends the scope of application and now includes a total of 18 sectors, divided into two categories.

The specific topics the training will cover are:

  • Current State of Cyber Security Legislation
  • NIS 2 Directive – introduction, scope and main obligations
  • Reporting of significant incidents
  • Supply chain (review of contractual relationships and requirements)
  • Cybersecurity Certification Schemes
  • Sanctions (in GDPR-like proportions) and liability of governing bodies
  • Authorities
  • Interrelationship with other normative acts at the EU level
  • What changes will there be in local legislation and when are they expected?
  • Main conclusions

The program is subject to change depending on the audience and the development of the regulatory framework.

Trainers: Denitsa Kozhuharova , Hristo Nihrizov and Nikola Stoychev