NIS2

Last updated 12th November 2024

Update – The NIS2 registration and incident reporting portals are not available at this time.

Once the legislation is implemented, both the NIS2 registration portal and the NIS2 incident reporting portal will be available for use.

The earlier version of NIS2 (NIS1) is still operational and continues to apply to already designated Operators of Essential Services (OESs) within the State.

Background

The NIS2 Directive is the EU-wide legislation on cybersecurity which updates the 2016 NIS Directive. It was introduced to strengthen and harmonise cybersecurity across the European Union, and to keep up with increased digitisation and an evolving cybersecurity threat landscape.

Building on measures introduced in the 2016 legislation and expanding the scope of the cybersecurity rules to new sectors and entities further improves the resilience and incident response capacities of public and private entities, competent authorities, and the EU as a whole.

Overview of Directive

Some elements of the Directive include:

National Steps

Unfortunately, the transposition deadline for NIS2 of 17 October 2024 has not been met. Ireland continues to work through the transposition requirements of the Directive. NIS2 is a complex piece of legislation which requires a complete overhaul of existing legislation. The predecessor of NIS2 (NIS1) remains in full effect and covers the most critical operators within the State.

A Cabinet decision in July 2024 directed priority drafting of the legislation transposing the NIS2 Directive, and drafting is progressing swiftly. The Heads of the General Scheme of the Bill for this legislation were published on the Department of Environment, Climate and Communications (DECC) website in September 2024.

There are numerous pillars that will form part of the national legislation already in place, or in final stages of development, for example:

The groundwork being laid by these initiatives ensures that upon publication of national legislation, the supporting structures that are required to give effect to it will be available.

DECC and the NCSC will continue to work closely with all stakeholders, including the Houses of the Oireachtas, the OPC, the Commission and others to ensure this comprehensive legislation is drafted and passed in a suitable time-frame.

Am I in Scope? Tool

NIS2 FAQ

NIS2 Quick Reference Guide Complete Version

NIS2 Directive Resources

Sector Specific Guidance

SME

The definition of an SME is available from the European Commission. The page provides a detailed guide on NIS2 self-assessment, as well as a tool to assist in this process.

The NCSC’s forthcoming ‘Irish Cyber Security Measures Certification’ scheme will include NIS2-aligned measures, and will also provide supports which will aid SMEs in strengthening their resilience.

Operators of Essential Services (OES)

We have also provided information on the original NIS Directive with regard to Operators of Essential Services.

Digital Service Providers (DSP)

Similarly, we have previously published information on the original NIS Directive with regard to Digital Service Providers.

Queries

All NIS2 queries can be sent to NIS2Queries@ncsc.gov.ie

NIS2 Videos

NIS2 Slides from NCSC Conference 2024