NIS 2 Directive Article 44 – Repeal

Introduction

The NIS 2 Directive, officially known as Directive (EU) 2016/1148, has played a pivotal role in enhancing the cybersecurity landscape within the European Union. However, recent developments have led to the introduction of new regulations, with Article 44 of the NIS 2 Directive signaling the repeal of its predecessor.

This significant change is set to come into effect on 18 October 2024, marking a new chapter in EU cybersecurity governance. In this article, we will explore the implications of Article 44, the reasons behind the repeal, and what this means for stakeholders within the cybersecurity realm.

• Understanding the NIS 2 Directive: The NIS 2 Directive, adopted in 2021, aimed to strengthen the resilience of the EU's critical infrastructure against cyber threats. It introduced a range of requirements for operators of essential services and digital service providers, mandating measures such as risk management, incident reporting, and cooperation with national authorities. The directive also emphasized the importance of cross-border collaboration and information sharing to tackle cybersecurity challenges effectively.

• The Repeal of Directive (EU) 2016/1148: Article 44 of the NIS 2 Directive marks the official repeal of its predecessor, Directive (EU) 2016/1148. The decision to repeal the previous directive reflects the evolving nature of cybersecurity threats and the need for more robust regulatory frameworks to address them. By repealing Directive (EU) 2016/1148, the EU is signaling its commitment to staying abreast of technological advancements and emerging cyber risks.

• Implications for Stakeholders: Stakeholders within the cybersecurity ecosystem, including operators of essential services, digital service providers, and national authorities, will need to adapt to the changes brought about by the repeal of Directive (EU) 2016/1148. They will be required to align their practices and processes with the provisions of the NIS 2 Directive, ensuring compliance with the updated regulatory requirements. This transition period offers an opportunity for stakeholders to review their cybersecurity measures and enhance their resilience against cyber threats.

• Correlation Table and Annex III: As per Article 44 of the NIS 2 Directive, references to the repealed Directive (EU) 2016/1148 shall be construed as references to the new directive. This ensures continuity and clarity in understanding the regulatory framework governing cybersecurity within the EU. The correlation table set out in Annex III of the NIS 2 Directive provides a useful reference point for stakeholders to navigate the transition from the old directive to the new one seamlessly.

Conclusion

The repeal of Directive (EU) 2016/1148 under Article 44 of the NIS 2 Directive marks a significant milestone in EU cybersecurity governance. This move underscores the EU's commitment to enhancing cybersecurity resilience and addressing emerging threats effectively.

Stakeholders must now prepare for the upcoming changes, ensuring compliance with the revised regulatory framework and leveraging the opportunity to strengthen their cybersecurity posture. By embracing these changes, the EU is taking a proactive stance in safeguarding critical infrastructure and digital services against evolving cyber risks.