About NIS 2
Affected Sectors
Compliance Toolkits
EU Regulation
- Directive on measures for a high common level of cybersecurity across the Union (NIS 2)
  
  Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union
  
  Directive on the Resilience of Critical Entities (CER)
  
  Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC
  
  Digital Operational Resilience Act (DORA)
  
  Directive (EU) 2022/2554 of the European Parliament and of the Council o of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations
  
  Proposal for the new Cyber Resilience Act (CRA)
  
  Proposal: Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020
  
  List of essential services
  
  Commission Delegated Regulation (EU) 2023/2450 of 25 July 2023 supplementing Directive (EU) 2022/2557 of the European Parliament and of the Council by establishing a list of essential services
  
  EU Agency for Cybersecurity
  
  Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity)
  
  The European Data Act
  
  Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data.
  
  European laws and regulations in the context of cybersecurity
  
  MORE INFORMATION
Law Transposition

English (UK)

English (UK)
Deutsch
Français
Nederlands
Español
Italiano

Vulnerability

admin
August 9, 2024

Means a weakness, susceptibility or flaw of ICT products or ICT services that can be exploited by a cyber threatCyber threat means any potential circumstance, event or action that could damage, disrupt or otherwise adversely impact network and information systems, the users of such systems and other persons - Definition according Article 2, point (8), Regulation (EU) 2019/881.

– Definition according Article 6 Directive (EU) 2022/2555 (NIS2 Directive)