The need for a Cyber Security Information System

The Network and Information Security 2 Directive (NIS2) was officially published in the EU Official Journal on December 27th, 2022, meaning that the implementation phase has started. As a result, Member States will have an implementation period of 21 months to transpose the NIS 2 Directive into national legislation. That will be easier said than done, as some aspects of NIS 2 remain open or cannot be resolved by a single Member State. One such example is cross-border incident reporting by Member States. At present, there is no functioning system in which incident notifications can be exchanged between EU members apart from manually through the CSIRT network.