Traficom is preparing a recommendation on the cybersecurity risk management measures of the NIS2 directive

The NIS2 directive stipulates the basic obligations of cyber security risk management measures. National legislation to implement the directive is being prepared in the working group of the Ministry of Transport and Communications.

The purpose of the recommendation is to support supervisory authorities and NIS2 industries in the implementation of cyber security requirements. The recommendation contains implementation examples and authentication methods for cyber security risk management measures. The recommendation contains references to the most common standards and frameworks, but does not propose the implementation of any standard or framework. 

The preparation of the recommendation follows the schedule of national law preparation. The recommendation will request statements publicly when the processing of the regulations in the parliament begins. According to the plans, this will happen in the spring of 2024. The recommendation will be published for everyone to use when the legislation is passed.

Base level cyber hygiene practices will be published at the start of the year

As one area, the recommendation includes basic cyber hygiene practices. Cyber hygiene practices describe what actions an organisation can take to protect itself from the most common internet threats. Cyber hygiene practices are only one part of the cyber security risk management measures required by the NIS2 directive. The practices will be published before the recommendation is finalized.