The Directive on measures for a high common level of cybersecurity across the EU (NIS2) sets baseline cybersecurity risk-management and incident reporting obligations for entities operating in EU critical sectors (e.g. telecoms, cloud). The directive applies an all-hazard approach; thus, the risk-management measures should also address physical and environmental security (e.g. natural disasters), as well as resilience (e.g. having a business continuity strategy).

Cullen International published a Benchmark examining whether, in addition to the security requirements in NIS2 transposition laws, European countries established additional resilience requirements, in particular for mobile networks. It specifically addresses power backup and redundancy requirements to ensure service continuity during power outages, natural disasters, and other events impacting the operation of telecoms networks.  

Of the surveyed countries, Denmark, Finland, Germany, Poland, Romania, Slovakia, Slovenia and Sweden expressly require telecoms operators to take measures guaranteeing backup power supply for mobile network elements.

In addition, Finland, Poland (proposed), Romania, Slovenia, Spain (proposed) and Sweden set minimum power backup duration requirements for mobile networks. In most of these countries, the minimum power backup duration requirements range depending on aspects such as the number of customers to the network elements affected.

For more information on the benchmark and Cullen International's complete NIS2 coverage, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our European Digital Economy service.