ARTICLE
28 January 2025

October To December 2024 - Cyber And Operational Resilience

AC
Arthur Cox

Contributor

Arthur Cox is one of Ireland’s leading law firms. For almost 100 years, we have been at the forefront of developments in the legal profession in Ireland. Our practice encompasses all aspects of corporate and business law. The firm has offices in Dublin, Belfast, London, New York and Silicon Valley.
A new Commission Implementing Regulation was published in the Official Journal establishing the circumstances, formats and procedures for notifications of conformity assessment bodies...
Ireland Technology

Cybersecurity Act (Regulation (EU) 2019/881) – Implementing Regulation for ICT certification

DATE OF UPDATE: 19 December 2024

LINKS

Implementing regulation - EU - 2024/3143 - EN - EUR-Lex

CURRENT STATUS

A new Commission Implementing Regulation was published in the Official Journal establishing the circumstances, formats and procedures for notifications of conformity assessment bodies by national cybersecurity certification authorities pursuant to Article 61(1) of the Cybersecurity Act.

Cyber Solidarity Act and targeted amendment to the Cybersecurity Act

DATE OF UPDATE: 2 December 2024

LINKS

Regulation - EU - 2025/37 - EN - EUR-Lex

Regulation - EU - 2025/38 - EN - EUR-Lex

Cybersecurity package: Council adopts new laws to strengthen cybersecurity capacities in the EU - Consilium

CURRENT STATUS

The European Council adopted two new laws that form part of the cyber security legislative 'package': the Cyber Solidarity Act, and a targeted amendment to the Cybersecurity Act (to enable the future adoption of European certification schemes for managed security services).

WHY IS THIS APPLICABLE TO CLIENTS?

The amendment to the Cybersecurity Act will be of interest to managed security services and organisations that use these services. The amendment will enable the establishment of European certification schemes for these managed security services.

Cyber – Directive (EU) 2022/2555 ("NIS 2")

DATE OF UPDATE: 28 November 2024

LINKS

The Commission calls on 23 Member States to fully transpose the NIS2 Directive | Shaping Europe's digital future

Network and Information Security Directive (NIS2) - Arthur Cox LLP

Are you Cyber Ready? Key Points of the NIS2 Directive

CURRENT STATUS

Member States were required to transpose the NIS2 Directive into national law by 17 October 2024. The European Commission opened infringement procedures against 23 Member States (to include Ireland) for failing to fully transpose NIS2 within that timeframe. The offending Member States have been afforded two months to complete their transposition and notify their measures to the Commission. In the absence of a satisfactory response, the Commission may decide to issue a reasoned opinion.

WHY IS THIS APPLICABLE TO CLIENTS?

NIS2 applies to a number of sectors to include digital infrastructure (including providers of cloud computing services) and digital providers such as online marketplaces, online search engines and social networking services platforms.

Physical Resilience of Critical Entities

DATE OF UPDATE: 25 October 2024

LINKS

gov.ie - Tánaiste signs new regulations to enhance the resilience of the operators of essential services in the State

S.I. No. 559/2024 - European Union (Resilience of Critical Entities) Regulations 2024

CURRENT STATUS

The European Union (Resilience of Critical Entities) Regulations 2024 ("Regulations") give full effect to the State's obligations on the resilience of critical entities under Directive (EU) 2022/2557 ("CER Directive") and further effect to the State's obligations under Commission Delegated Regulation (EU) 2023/2450 of 25 July 2023.

WHY IS THIS APPLICABLE TO CLIENTS?

While critical entities have not yet been identified, a wide range of sectors are within scope of the Regulations.

NEXT STEPS

Critical entities, once identified, will carry out risk assessments and take technical, security and organisational measures to enhance their resilience.

NIS 2 – Implementing Regulation

DATE OF UPDATE: 17 October 2024

LINKS

Implementing regulation - EU

New rules to boost cybersecurity of EU's critical entities

CURRENT STATUS

The Commission adopted the first implementing rules on the NIS 2 Directive. The implementing regulation details cybersecurity risk management measures as well as the cases in which an incident should be considered significant.

WHY IS THIS APPLICABLE TO CLIENTS?

The implementing regulation will apply to specific categories of companies providing digital services, such as cloud computing service providers, data centre service providers, online marketplaces, online search engines and social networking platforms.

This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More