What are the NIS2 and CER directives?

The Network and Information Security Directive (NIS2 Directive) and Critical Entities Resilience Directive (CER Directive) were adopted by the European Union at the end of 2022. The directives aim to strengthen the physical, digital, and economic resilience of European member states. The NIS2 Directive focuses on digital (cyber) risks to network and information systems, such as the internet and payment transactions. The NIS2 is the successor to the first NIS Directive, also known in the Netherlands as the NIB, which was incorporated into the Network and Information Systems Security Act (Wbni) in 2016. The CER Directive focuses on protecting organizations against physical threats, such as the consequences of (terrorist) crimes, sabotage, and natural disasters. Since January 2023, the Rijksoverheid has been working Rijksoverheid national implementation by transposing the directives into Dutch legislation. The NIS2 Directive is being implemented in the Cybersecurity Act (Cbw) and the CER Directive in the Critical Entities Resilience Act (Wwke).