Proposal for a NIS directive 2.0: companies covered by the extended scope of application and their obligations.

The proposal for a Network and Information Systems (NIS) Directive 2.0 aims to broaden the scope of the current NIS Directive by covering more companies in existing sectors as well as including additional sectors. The present categories of operators of essential services and digital service providers are to be replaced by important and essential entities. Currently, companies subject to NIS obligations are identified by decisions of national competent authorities. In contrast, the proposal introduces a single criterion for companies in the listed sectors, according to which they are to be primarily identified ipso iure -a company's size. The author gives an overview of the main provisions and highlights the principal challenges associated with the proposed changes to the NIS regulatory regime.