On 23 June, ECSO organised the first webinar of its new NIS2 Implementation Initiative. With the goal of facilitating the exchange of best practices among entities directly or indirectly impacted by the NIS2, the webinar gathered more than 160 ECSO Members and experts from the National Cybersecurity Agency (ACN) in Italy and the Centre for Cyber Security Belgium (CCB) to discuss national transposition processes and specificities of the directive in Italy and Belgium.
From the National Cybersecurity Agency of Italy (ACN), Senior Officer Nicolò Rivetti provided an overview of the cybersecurity regulatory landscape in Italy, explaining the ACN’s role and the interplay between different national and international legislations. Currently, the ACN focuses on transposing the NIS2 Directive using a simplified classification process where essential and important entities are divided into three categories according to the criticality of their ICT assets. The approach that the ACN will follow for the transposition of the NIS2 will be based on the National Cybersecurity Framework which is grounded in the NIST Framework and will be standard and technology agnostic to provide legal clarity and harmonisation with other national and international laws. Given the significant presence of SMEs in Italy, the ACN prioritises proportionality in imposing requirements to foster compliance and minimise the imposition of fines.
From the Centre for Cybersecurity of Belgium (CCB), Project Manager Valéry Vander Geeten shared the Belgian perspective on the implementation of the NIS2 Directive, noting that Belgium plans to transpose the directive by October 2024, while the deadline for implementation of security measures by affected entities will be in October 2025. He further provided the webinar audience with a decision path so participants could identify whether their entity falls inside the scope of the Belgian law transposing the NIS2. Finally, the CCB is working on three possible frameworks for the supervision of technical requirements:
- Cyber Fundamentals Framework that uses NIST with the ISO, CIS Controls and IEC elements
- ISO 27001 standard by an accredited CAB that will be linked to Cyber Fundamentals
- Sector-specific alternative created by Royal Decree
The transposition of the NIS2 directive will directly or indirectly affect many different entities, including essential and important entities, supervisory bodies of the Member States, and cybersecurity providers that offer services addressing the regulatory requirements outlined in the legislation. Consequently, the current initiative was launched to facilitate the exchange of best practices among these entities in the form of webinars that will be organised once per month.
With this in mind, the inaugural webinar successfully gathered professionals from both supply and demand sides of cybersecurity to discuss the optimal implementation of the directive, turning out to be the perfect opening for the many webinars to come. Leveraging the expertise of our wide Membership Base, the event consisted of informative discussions and fruitful exchanges of knowledge with the supervisory authorities.
We hope to see you at the next NIS2 Implementation webinar, where ECSO will invite experts from NIS2-impacted entities to discuss the measures they are undertaking for being compliant – stay tuned!
