Cybersecurity Update: DIGITAL SME’s views on proposed EU law about Security of Network and Information Systems (NIS2 Directive)

DIGITAL SME welcomes the update that exempts small and micro enterprises from having to comply with the revised Directive on the Security of Network and Information Systems (NIS2 D) but requires affected entities to ensure the security of their supply chain and service providers.

DIGITAL SME welcomes the adoption of the new proposal by the Commission, which provides needed clarity on the definitions of Essential Services and Digital Service Providers, as well as the security requirements. Most importantly, DIGITAL SME is pleased to see that Small and Micro Enterprises are explicitly excluded from having to comply with the Directive. While suppliers of specific services will be exempt from this exclusion, the number of Small or Micro enterprises in this group is likely to be low; DIGITAL SME would still like to request that sufficient support is available for companies that do have to comply with the Directive.

Further to this, there is the risk that in requiring affected entities to ensure the security of their supply chains and service providers, Small and Micro Enterprises may have to indirectly comply with the requirements. The forthcoming risk assessment should ensure that security requirements for service providers and manufacturers in the supply remain proportionate and realistic, relative to the level of threat and vulnerability.

Read the full document here

We hold regular meetings with our Working Group Cyber to discuss related issues and share information. Our Working Groups are the place-to-be to network and discuss policy and how it impacts your business—and you can join them!  Click here to register for our Working Group CYBER (SMEs only)!