Cybersecurity of critical infrastructure in europe: the NIS2 directive in focus

Cybersecurity of critical infrastructure in europe: the NIS2 directive in focus

연구 분야: Infrastructure

학회: International Cybersecurity Law Review

Cyberattacks on critical infrastructure—from hospitals to energy grids—pose systemic risks with potentially fatal consequences. In response, the European Union adopted the NIS2 Directive (Directive (EU) 2022/2555), which significantly expands and strengthens cybersecurity obligations for essential and important entities across 18 critical sectors. This article analyses the legal innovations of NIS2, including broader sectoral scope, enhanced risk management duties, stricter enforcement (with high fines and executive liability), and EU-wide cooperation mechanisms. It also addresses practical challenges of implementation, such as varying national transposition, compliance burdens for medium-sized firms, and the complexities of incident reporting and supply chain oversight. Drawing on case studies—including the 2021 HSE ransomware attack and the 2017 NotPetya malware outbreak—the article examines how NIS2 aims to mitigate real-world vulnerabilities. Finally, it situates NIS2 within the wider European cybersecurity landscape, including the CER Directive, DORA, CRA, and forthcoming EU cyber defense initiatives. The article concludes that NIS2 represents a major step forward for EU cybersecurity law, but its success will hinge on consistent implementation, regulatory coordination, and public-private resilience.