NIS2’s extended scope takes a deep dive: Unpacking the EU Commission’s proposed expansion to Submarine Data Transmission Infrastructure
Summary
The EU's NIS2 Directive, a key cybersecurity regulation, is expanding its scope, contrary to hopes for regulatory simplification. The European Commission has proposed extending NIS2 to include Submarine Data Transmission Infrastructure, specifically targeting operators of submarine cables and associated landing stations. This expansion aims to enhance the resilience and security of critical digital infrastructure, recognizing the vital role these cables play in global data transmission. The proposal underscores a continued focus on strengthening cybersecurity across essential services within the EU, potentially increasing compliance obligations for entities involved in this sector.
Key takeaway
For CTOs and VPs of Engineering overseeing critical infrastructure, particularly those with operations involving submarine data transmission, you should immediately assess your organization's exposure to the proposed NIS2 expansion. Understand the new compliance obligations for submarine cables and landing stations to ensure your cybersecurity frameworks are robust and aligned with the evolving regulatory landscape, mitigating potential risks and penalties.
Key insights
NIS2's proposed expansion to submarine data transmission infrastructure aims to bolster critical digital infrastructure cybersecurity.
Principles
- Cybersecurity scope is expanding, not simplifying.
- Critical infrastructure includes submarine data cables.
In practice
- Assess current cybersecurity posture against NIS2.
- Identify assets related to submarine data transmission.
Topics
- NIS2 Directive
- EU Cybersecurity
- Submarine Data Infrastructure
- Regulatory Compliance
Best for: CTO, VP of Engineering/Data, Executive, Security Engineer, Policy Maker, Legal Professional
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Technology's Legal Edge.