This page is fully or partially automatically translated.

Forums it-sa Expo Knowledge Forum B

Cyber Regulation in Europe - what are companies supposed to do now

The digital world is growing and evolving. Companies are facing ever stricter cybersecurity regulations.

Wed, 11.10.2023, 14:30 - 14:45

Hybrid

Forum, Booth 6-235

Themes

  • Legislation, standards, regulations
  • Industry 4.0 / IoT / Edge Computing

Key Facts

  • NIS-2 Directive
  • EU Cyber Resilience Act
  • EU Directive on the Resilience of Critical Facilities

Event

This action is part of the event Forums it-sa Expo

Action description

Cyber regulation in Europe has increased significantly in recent years as the digital world continues to grow and evolve. Companies are facing increasingly stringent regulations and requirements to strengthen their cybersecurity practices and ensure the protection of sensitive data. In light of this development, companies must be proactive to meet regulatory requirements and avoid potential penalties. With the Cyber Resilience Act, the NIS-2 Directive and the CER Directive, European policy is intensifying regulatory pressure on industrial companies. The cybersecurity regulatory landscape for industrial companies in Europe is diverse. Who is affected by the regulations? What obligations arise from them? And what do companies have to do now? Frank Sauber, Global Head of Sales & Business Enablement Division Industry at secunet, provides an overview.

  1. Directive on Security of Network and Information Systems (NIS-2 Directive) 
    The NIS-2 Directive is an important part of the EU digital strategy "Shaping Europe's Digital Future" and the further development of the NIS Directive already adopted in 2016. The aim is to ensure a high level of cybersecurity at European level and thus strengthen the single market. The directive entered into force on 16 January 2023. The EU member states have until 17 October 2024 to transpose the provisions into national legislation. 
    Affected economic sectors are divided into two categories: essential (sectors with high criticality) and important (other critical sectors). The former include, for example, energy, transport and traffic, financial markets, the health sector, digital infrastructures and public administration. Other critical sectors include postal and courier services, manufacturing, chemicals, and the production of medical devices, electronic equipment, machinery and transport. Exactly which companies within the defined sectors are affected is defined by the respective national legislation.
  2. EU Cyber Resilience Act - Cybersecurity for Connected Products
    The EU Cyber Resilience Act (CRA) is a draft law with the aim of protecting end consumers and companies from products with inadequate IT security features. To this end, the law aims to define requirements for products with digital elements in terms of development, design and production, thus ensuring cyber security throughout the life cycle - including the availability of software updates. The security level of networked end products is to be increased in order to prevent cybercrime. The law is expected to come into force before the end of 2023. After that, those affected will have twelve to 24 months to implement the new requirements.
  3. Directive on the resilience of critical entities
    The EU Directive on the Resilience of Critical Entities (CER Directive) aims to strengthen the physical resilience of critical entities. The CER Directive replaces the old Directive 2008/114/EC and extends its scope. These new rules oblige EU Member States to identify critical facilities and strengthen their resilience. The CER Directive entered into force on 16 January 2023. EU Member States have until 17 October 2024 to transpose the provisions into national legislation. Affected economic sectors are divided into the categories essential and important. A total of eleven sectors are included in the scope, some of which overlap with the NIS-2 Directive: Energy, Transport, Banking, Financial Market Infrastructures, Health, Drinking Water, Waste Water, Digital Infrastructure, Public Administration, Space, and the Production, Processing and Distribution of Food.

 

The International Forum is also available as a livestream.

Language: English

Questions and Answers: No
