Cullen International has just published a new Tracker providing an overview of the new EU cybersecurity rules proposed in the draft revised directive on the security of network and information systems (NIS2). The draft directive was presented by the European Commission on 16 December 2020 and will repeal and replace the current NIS Directive.
The objective of the proposal is to tackle the limitations of the current NIS regime, as well as respond to changes in the cybersecurity threat landscape.
The draft directive would significantly extend the scope of the current directive by adding new sectors such as telecoms, social media platforms and the public administration.
It would remove the distinction made between operators of essential services (OES) and digital service providers (DSPs, which currently fall into three categories: online marketplaces, search engines and cloud service providers).
The proposed directive would establish that all medium and large size entities active in the sectors covered by the NIS2 framework would have to automatically comply with the security rules put forward in the proposal – removing the possibility for member states to tailor the requirements in certain cases.
Other significant changes proposed in the draft directive would include:
- addressing for the first time cybersecurity of the ICT supply chain;
- introducing a two-step procedure to report significant security breaches;
- establishing the EU-Cyber Crises Liaison Organisation Network (EU-CyCLONe) to support the coordinated management of EU wide cybersecurity incidents and crises at operational level;
- increasing ENISA’s responsibilities within its mandate; and
- imposing in case of non-compliance administrative fines up to €10m or 2% of the entities’ total turnover worldwide, whichever is higher.
Cullen International's 'Tracker' will be updated regularly to follow all relevant developments around the adoption of the NIS2 Directive.
For more information on our report, please click on “Request Access”, or on “Access the full content” in case you are a subscriber of our European Digital Economy service.
more news
09 September 25
What use of the 6 GHz band? A global update
The 6 GHz spectrum band is suitable for both Wi-Fi and 5G/6G technologies, leading to competing industry demands in recent years. Our new Global Trends Report provides an update about the state of play, regulatory debates and plans to use the 6 GHz band, following decisions at the latest World Radiocommunication Conference (WRC-23).
01 September 25
Regulating submarine cable infrastructure
Our new Global Trends benchmark analyses key aspects of policies and regulations on submarine cable infrastructure in the telecoms sector. The research covers 16 jurisdictions around the world: Australia, Brazil, China, Egypt, the EU, India, Indonesia, Japan, Kenya, Korea, Nigeria, Peru, Singapore, South Africa, the UK, and the US.
27 August 25
5G developments and other regulatory news in the Middle East and North Africa
Our latest MENA Telecoms Update details the most significant regulatory developments taking place in the region between 30 April and 11 August 2025.