Safeguarding Europe: Why the NIS-2 and CER Directives Matter
?? Ensuring the Security and Resiliency of Europe?
The European Commission has recently initiated infringement proceedings against several EU member states, highlighting an urgent issue: the incomplete implementation of two critical directives—the NIS-2 Directive on Cybersecurity and the CER Directive on Critical Infrastructure Resilience.?
As global threats evolve, the need for harmonized and timely adoption of these measures becomes ever more pressing. Let’s explore what this means and why it’s crucial for Europe’s future.?
?? The NIS-2 Directive: Elevating Cybersecurity Standards?
Adopted to ensure high cybersecurity standards across the EU, the NIS-2 Directive applies to key sectors like energy, healthcare, transportation, and digital services. It aims to enhance the resilience of both public and private entities to cyber threats.?
Despite the October 17, 2024, deadline, 23 member states, including Germany, have failed to integrate the directive into national law fully. This delay risks leaving critical sectors vulnerable to cyberattacks.?
Cyber incidents know no borders. A harmonized approach across the EU is essential to prevent cascading effects and to protect the infrastructure that keeps our societies running.?
??? The CER Directive: Strengthening Physical Resilience?
The CER Directive focuses on safeguarding essential services, such as water, energy, transport, and digital infrastructures, against physical threats like natural disasters, sabotage, insider threats and terrorism. It replaces earlier regulations, broadening the scope from two to eleven critical sectors.?
With 24 member states missing the implementation deadline, the directive’s aim of reinforcing resilience is at risk. Germany is among those yet to comply.?
From floods to sabotage, disruptions in critical infrastructure can have catastrophic effects. Strengthening resilience ensures essential services remain operational, even under severe threats.?
? Why Action is Essential?
The two-month grace period granted by the European Commission is not just a procedural step—it’s a critical window to act decisively. Delayed implementation of the NIS-2 and CER directives leaves gaps in Europe’s defenses at a time when the global threat landscape is becoming more unpredictable.?
Cyberattacks have grown in sophistication and impact, targeting essential sectors such as healthcare, energy, and public administration. A fragmented approach to cybersecurity across member states creates vulnerabilities that cybercriminals can exploit. Without the full implementation of NIS-2, Europe risks being unprepared for coordinated attacks that could paralyze key services.?
The CER directive addresses threats that go beyond the digital sphere. Natural disasters linked to climate change, sabotage of critical infrastructure, and terrorist activities are on the rise. In the absence of strengthened physical resilience measures, societies remain exposed to potentially devastating disruptions.?
Disruptions to essential services affect not only national economies but also the daily lives of citizens. Power outages, water shortages, or interrupted healthcare services can have cascading effects, undermining trust in public institutions and creating long-term economic instability.?
While these directives provide a framework, their success hinges on collective action. Governments must prioritize national implementation efforts, and businesses must invest in aligning with the new requirements. Delays in one member state can weaken the entire EU, given the interconnected nature of infrastructure and supply chains.?
About Kertos
Kertos is the no-code solution for fully automated implementation of global data protection and compliance regulations. Our platform enables fast-scaling tech companies to streamline their compliance with minimal personnel costs.
Helpful Resources
↘? Shhh! It's private. Read our latest newsletter editions.
?? Kertos. Discover how you can streamline your compliance operations
??? The NIS2 Directive Dive into our latest whitepaper on the NIS2 Directive that is shaping European Cybersecurity