Romania Moves Forward with NIS II Directive Implementation
Publication: ZRVP
On May 10, 2024, the public consultation initiated by the National Directorate of Cyber Security concluded. This marks a crucial juncture in Romania’s cybersecurity landscape as the nation moves forward with implementing the NIS II Directive, designed to enhance the security and resilience of critical infrastructure across the EU.
Importance of NIS II for Romania
As part of the European Union’s broader strategy for strengthening cybersecurity across Member States, NIS II holds immense importance for Romania’s digital resilience and security.
According to the Ministry of Foreign Affairs’ plan, the transposition process is on track to be completed by the end of the year, with the law slated for publication in the Official Gazette.
Key Deadlines and Requirements
By April 17, 2025, Member States are required to identify essential and significant entities falling under the scope of the NIS II Directive. Entities may be allowed to self-register, and it is crucial for organizations to assess whether their services fall under NIS II guidelines.
Compliance requires organizations under the NIS II framework to take proactive measures to address security risks and meet deadlines to avoid penalties.
Focus of the Public Consultation
The public consultation addressed several key points, assisting stakeholders by answering specific questions regarding sensitive issues raised by the provisions under discussion.
One major topic was the requirement for Member States to ensure individuals or legal entities can report vulnerabilities anonymously to the designated Computer Security Incident Response Teams (CSIRT). The consultation aimed to balance protecting reporters’ identities, safeguarding public interest, and considering the interests of affected entities.
Ongoing Challenges and Collaborative Efforts
Discussions also focused on criteria for assigning responsibilities in addressing cybersecurity vulnerabilities and establishing legal deadlines for remediation.
While multiple responses are expected to establish a robust legal framework, no conclusions have been published yet. Implementing the NIS II presents challenges and requires collaborative efforts from both public and private sectors, as well as significant investments in cybersecurity infrastructure.
Compliance demands continuous monitoring and adaptation to evolving cyber threats and regulations. Despite these challenges, the advantages of implementing NIS II surpass the difficulties involved.