BEREC Opinion on the proposed NIS 2 Directive and its effect on Electronic Communications

On 16 December 2020, the Commission has published a proposal for a revised Directive on Security of Network and Information Systems (NIS 2 Directive). The proposal expands the scope of the current NIS Directive by adding new sectors based on their criticality for the economy and society - Providers of public electronic communications networks referred to in point (8) of Article 2 of Directive (EU) 2018/1972(26) or providers of electronic communications services referred to in point (4) of Article 2 of Directive (EU) 2018/1972, where their services are publicly available, fall within its scope as essential entities.

The proposal further strengthens security requirements for the relevant entities with a minimum list of basic security elements to be applied and introduces more detailed provisions on the incident reporting procedure, the content of the reports and deadlines.

After the EECC and the 5G Toolbox, this proposal comes as a new regulatory act in the field of cybersecurity and critical infrastructure protection. With NIS 2 proposal articles 40 and 41 of the EECC, which regulate security of electronic communications network and services would be repealed.

The BEREC 5G Cybersecurity Working Group has prepared an independent BEREC opinion on the proposal.