On January 16 the European Parliament and the Council of the European Union adopted legislation addressing measures for a high common level of cybersecurity across the EU to further increase resilience and incident response capabilities of the public and private sectors and the whole EU. The new TIS2 directive replaces the TIS directive regarding network and IT security which was transferred into the national legislation of Lithuania in 2018.
“The new Directive aims to further increase the resilience of the public and private sectors and improve incident response capabilities at EU level. To ensure that, the European cyber crisis liaison organization network, EU-CyCLONe, is established to facilitate coordination of large-scale cyber-incidents and crisis management ,” says Senior Advisor at the MoD Cybersecurity and IT Policy Group Antanas Aleknavičius.
According to him, the Directive also aims to unify the cybersecurity measures applied by different member states, define main rules regrading the functioning of a coordinated regulatory system and to develop mechanisms for an efficient cooperation between the competent authorities of every member state. The Directive also updates the list of sectors and activities regulated on the basis of cybersecurity responsivities and provides for measures to fulfil the said responsibilities.
“The scope of the new Directive encompasses not only the important sectors identified before, such as energy, transport, healthcare, but also areas including post and courier services, waste management, public administration business, and such,” says A. Aleknavičius and underscores that the Directive will not apply to entities in national defence, public security and law enforcement areas.
Within 21 months after the TIS2 Directive comes into force, all member states will be obliged to transfer the Directive regulations into national legislation. The Ministry of National Defence have already begun the preparation and foresees establishment of mechanism corresponding to TIS2 within the national law by 16 October 2024. The ministry of National Defence encourages companies from the private and public sectors to contribute to the implementation of the Directive.