ENISA: the report on the critical sectors of NIS 2 has been published.

The European Union Agency for Cybersecurity (ENISA) has published the NIS360 report on the maturity and criticality of cybersecurity of sectors under Directive (EU) 2022/2555 on the security of network and information systems (the NIS 2 Directive).

The NIS 360 report focuses on three central points:

1. it is recommended to strengthen collaboration within and between sectors, through community-building events and cooperation at sectoral, national and EU level;
2. sector-specific guidance on how to implement the key requirements of NIS 2 in each sector shall be developed within the transposition period of NIS 2. The report notes that national sectoral authorities are stepping up to implement NIS2;
3. the need both to align the requirements across borders in each area of NIS 2 and to work together across borders.

The most critical and mature sectors were considered electricity, telecommunications and banking, as there is already significant regulatory oversight. While digital infrastructures, such as critical services such as internet exchanges, top-level domains, data centers, and cloud services, have been considered a step below in terms of maturity.