The NIS2 Directive, which came into force on 16 January 2023, represents the European Union’s latest effort to strengthen cybersecurity across its member states. Replacing the previous NIS1 Directive, NIS2 is a comprehensive piece of legislation aimed at enhancing the security and resilience of critical infrastructure within the EU. Its primary focus is to establish a unified level of cybersecurity, particularly in response to the increasing threats posed by digitalisation and cyberattacks.
EU member states are required to integrate the NIS2 Directive into their national laws by 17 October 2024. However, there is flexibility in how each country implements these laws, potentially leading to 27 different versions across the EU. This directive is crucial for bolstering the security of essential services and infrastructures, promoting a culture of risk management, and fostering cross-border cooperation.
NIS2 is particularly relevant to medium-sized and large organisations within critical sectors such as energy, transportation, telecommunications, and healthcare. These entities must adopt stringent technical and organisational measures to protect against cyber threats and to mitigate the impact of any security breaches. Failure to comply with these measures can result in significant financial penalties and damage to a company’s reputation.
For the domain industry, NIS2 carries specific implications, especially under Article 28. Top-Level Domain (TLD) registries and domain registration service providers, including resellers and privacy service providers, are now required to maintain accurate and comprehensive data on domain name registrations. The directive mandates the development of policies and procedures to ensure this data’s accuracy, with an emphasis on increased verification processes depending on each member state’s implementation of the legislation.
European registries are already taking steps to comply with NIS2, with most adopting a risk-based approach that triggers data verification upon detecting irregularities. Some registries may require full verification of data at the time of domain registration, with the responsibility ideally falling on those with the most direct contact with the domain holders. Additionally, NIS2 introduces new obligations for all DNS service providers, regardless of their size, making it prudent to consider outsourcing these services.
The implementation of NIS2 is a priority, not only for domain registration but across all security aspects of organisations involved. This directive is expected to significantly impact the cybersecurity landscape within the EU, ensuring a more resilient and secure digital environment for all.
Team Internet plc (LON:TIG) – formerly CentralNic – is a global internet solutions group headquartered in London. Leveraging world-class technologies and industry leading teams, they have been transforming the way organisations, brands, publishers and consumers connect and thrive online.
