EDPB and EDPS support strengthening EU’s cybersecurity and easing compliance while protecting individuals’ personal data

AI Analysis

The EDPB and EDPS have issued a joint opinion endorsing the European Commission's draft implementing acts for the NIS2 Directive. This opinion supports measures designed to standardize and clarify cybersecurity risk management and reporting obligations across the EU. The primary goal is to strengthen the Union's collective cybersecurity while simplifying compliance burdens and ensuring a high level of personal data protection.

The changes directly affect entities within the broad scope of the NIS2 Directive. This includes medium and large organizations in essential sectors like energy, transport, and healthcare, as well as important digital providers such as cloud computing services and data centers.

Compliance teams in-scope organizations should first review the detailed implementing acts once formally adopted. The next step is to conduct a gap analysis against the newly clarified technical and procedural requirements. Teams should then prepare to integrate these standardized measures into existing cybersecurity and incident response frameworks, ensuring alignment with both NIS2 and GDPR obligations.