BRUSSELS – March 17, 2021 – In comments filed today, BSA | The Software Alliance welcomed efforts to strengthen cybersecurity resilience in Europe through proposed updates to the EU Network and Information Security Directive (NIS 2.0), offering the following statement.

“The threat landscape has increased considerably since the adoption of the original NIS Directive in 2016, and its objectives are more relevant than ever. Cyber incidents currently rank among the most significant business risks globally,” said Isabelle Roccia, Senior Manager, Policy – EMEA at BSA. “The horizontal approach to cybersecurity resilience and response proposed in NIS 2.0 is reflective of today’s digitalized economy and society. BSA particularly welcomes the directive’s emphasis on risk management, and we have offered specific recommendations to achieve an appropriate risk-based approach that is both effective and proportionate.”

“Going forward, it will be important that NIS 2.0 maintains clear precedence over sector-specific initiatives to strengthen resilience, such as the DORA proposal for operational resilience of the financial sector, to avoid overlap, address potential inconsistencies, and provide robust cybersecurity rules across Europe’s legislative frameworks,” Roccia added. “The objectives of NIS 2.0 will also be best served by leveraging industry expertise and public-private cooperation – for instance, on information sharing – and by aligning EU rules with international standards across a range of topics such as risk management, incidents reporting, and coordinated vulnerability disclosure.”

Read BSA’s full comments on the proposed NIS 2.0 Directive here.