For context, I'm not a solicitor.
I Googled NIS 2 EU and it returned an AI overview of what it is, which said:
The NIS2 Directive, or the Network and Information Systems Directive 2, is a European Union (EU) law that aims to improve cybersecurity across the EU:
Purpose: The NIS2 Directive modernizes the EU's cybersecurity rules to address evolving threats and increased digitization. It's designed to protect critical infrastructure, essential services, and key sectors from cyber threats.
Scope: The NIS2 Directive applies to entities in critical sectors, including:
- Public electronic communications services
- ICT service management
- Digital services
- Wastewater and waste management
- Space
- Health
- Energy
- Transport
- Manufacturing of critical products
- Postal and courier services
Requirements: The NIS2 Directive requires entities to:
- Adopt appropriate security measures
- Notify relevant national authorities of serious incidents
- Be prepared to address a wide range of threats, including cyberattacks and physical disruptions
- Categorize themselves as "essential" or "important" based on their sector and size
Timeline: The NIS2 Directive entered into force on January 16, 2023. Member states had to transpose the directive into national law by October 17, 2024.
Enforcement: The NIS2 Directive includes administrative fines for non-compliance. The amount of the fine depends on whether the entity is considered "essential" or "important".
To me, that looks fairly clear that it's aimed at large corporations such as Facebook and the like. Not aimed at small (or even large) communities, especially forums where the only data being processed is email addresses that allow users to talk about their hobbies.
At the end of the day you need to be realistic and ask yourself if the EU courts are going to go after small forums with a handful of users or are they going to go after the big fish where cyber attacks would actually be critical to data and services.
It's the exact same issue as GDPR. It's important, don't get me wrong. But it's not something that's going to rock the world of forums and change how they're managed overnight. As long as you do what you can to keep your site secure, you shouldn't need to change anything with your forum and you won't have anything to worry about.
Statistics: Posted by danieltj — Thu Jan 02, 2025 5:02 pm