NIS2 Directive and DORA – Important EU cybersecurity-related legislative acts have come into force. Join us at a Bootcamp on May 25th at the DoubleTree by Hilton to discuss these important topics with experts from Thales and Alfatec.
The EU is fighting back against cybercrime and protecting critical infrastructure with some new legislation. The Digital Operational Resilience Act (DORA) and NIS2 (Network and Information Systems Directive 2) are both EU legislative instruments that aim to enhance the cybersecurity of EU networks and information systems.
What is DORA?
DORA addresses an important gap in EU financial regulation. Before DORA, financial institutions managed the main categories of operational risk primarily through the allocation of capital, but they did not manage all components of operational resilience. DORA applies to a wide range of financial entities, including credit institutions, electronic money institutions, investment firms, insurance undertakings, and reinsurance undertakings. Under DORA, these entities must also follow rules covering their protection, detection, containment, recovery, and repair capabilities against ICT-related incidents. DORA refers explicitly to ICT risk and sets rules on ICT risk management, incident reporting, operational resilience testing, and ICT third-party risk monitoring. The Regulation acknowledges that ICT incidents and a lack of operational resilience can jeopardize the soundness of the entire financial system, even where there is “adequate” capital for the traditional risk categories. Remember, the Digital Operational Resilience Act (DORA) is a Regulation, not a Directive, so it is binding in its entirety and directly applicable in all EU Member States.
Full name: The full name is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance)”.
Deadline: It shall apply from 17 January 2025.
What is NIS2?
NIS2 is an evolution of the NIS directive (2016) that requires EU member states to take measures to improve the cybersecurity of network and information systems, establish national incident notification systems, and cooperate with other EU member states and EU institutions in the field of cybersecurity. It also requires operators of essential services (such as energy, transport, health, and banking) and digital service providers (such as search engines and cloud services) to implement appropriate and proportional security measures and to notify serious incidents to the national authority. The directive aims to increase the level of cybersecurity in the EU and to ensure a common level of security for networks and information systems across the EU.
Thales and NIS2
Drawing on decades of experience helping corporate entities and public enterprises adhere to compliance mandates, Thales offers a broad portfolio of products and services that enable your organization to strengthen its cybersecurity capabilities, address the security of supply chains, streamline reporting obligations, and comply with the more stringent supervisory measures and stricter enforcement requirements of NIS2, as well as other regulations such as GDPR and the Schrems II ruling. In addition, Thales works closely with partners to offer comprehensive solutions that can reduce the scope of your compliance burden.
Apply here for a Thales NIS2/DORA Bootcamp and find out how we can prepare you for the oncoming changes.