EU: NIS2 Update – EU Moves to Harmonise Cyber Controls, Refine Scope, and Add New In-Scope Entities

Key Points:

• The European Commission has proposed targeted amendments to the NIS2 Directive aimed at modernizing EU cybersecurity regulations.
• The updates are intended to harmonize cyber controls across member states and expand the scope to include new entities that must comply with these regulations.
• This evolution of the NIS2 Directive reflects the EU's commitment to enhancing cybersecurity resilience amid increasing digital threats.

Background: The NIS2 Directive is part of the EU's legislative framework designed to improve cybersecurity across member states. It builds on the original NIS Directive by expanding its requirements and addressing emerging challenges in the digital landscape.

What's Next: The proposed amendments will be discussed further, with organizations expected to adapt their cybersecurity measures in response to the new requirements by the implementation deadline of January 20, 2026.