In our previous post, we explained the purpose and key impacts of #NIS2 for organisations (https://lnkd.in/eMkkWt8C). Today, let’s look at which entities fall under the scope of its provisions.

💯 Essential and Important Entities 💯

Entities that fall within the scope of #NIS2 are divided into two categories: ‘Essential Entities’ and ‘Important Entities’. This categorisation is based upon the criticality of their sector, the type of service they provide, and their size.

🌓 What’s the difference between the two categories? 🌓

Both 'Essential Entities' and 'Important Entities' are subject to the same cybersecurity standards and the same cyber-incident reporting requirements (which we will analyse in more detail in our next post). So the question is: why distinguish between these two categories? Let’s have a look at who qualifies as an Essential Entity or an Important Entity and why that distinction matters…
Digiphile’s Post
-
Today’s post is a deep dive into the key requirements of #NIS2 and how they impact your business.

🔐 Cybersecurity 🔐

#NIS2 mandates a comprehensive risk management strategy that requires Essential and Important entities to assess cyber risks, run cybersecurity audits, have a business continuity plan to mitigate potential disruptions, verify the security of their supply chain, and much more.

📣 Incident reporting 📣

#NIS2 requires Essential and Important entities to be on the lookout for ‘significant incidents’ and ‘cyber threats’. The former must be reported to competent authorities within 24h by submitting an early warning, and from there there is a strict timeline to follow to keep the authorities apprised.

📬 Customer Notifications 📬

#NIS2 also requires them to promptly inform their customers of both significant incidents and cyberthreats without undue delay.

If you’re new to #NIS2, then be sure to also check out our earlier #NIS2 posts, which provide a brief overview of #NIS2 and its aims here: https://lnkd.in/eMkkWt8C and explain the types of entities it applies to here: https://lnkd.in/eJRyP6P5

Thanks to our #NIS2 expert Marco Piana for his insights in preparing this post!
-
#EDPB elects a new Deputy Chair - Zdravko Vukić, Director of the Croatian Personal Data Protection Agency. Mr. Vukić will join fellow Deputy Chair Irene Loizidou Nikolaidou, and work closely with EDPB Chair, Anu Talus. https://lnkd.in/eGgpWGue
-
Step up, step up - understand your #AIAct incident reporting responsibilities here 👇
How does incident reporting work under the #AIAct? It's a bit more complex than you might imagine. The precise rules vary depending on whether the AI system is "high risk" or not, whether the incident itself is "serious", whether you are a provider or deployer, and, if a provider, whether you provide the impacted AI system or a #GPAI model integrated into it. Got all that? Don't worry if not - the Digiphile infographic below should help:
-
The EU-US Data Privacy Framework (DPF) and UK-US Extension have been up-and-running and working well for some time now - but the Swiss-US DPF has been the outlier. What's been going on? In order for transfers to be made under the Swiss-US DPF, the Swiss Federal Council needs to recognise the Swiss-US DPF as adequate. And, in order for *that* to happen, the US Attorney General first needed to designate Switzerland as a 'qualifying state' for the purposes of US Executive Order 14086. This designation would allow Switzerland to benefit from the redress mechanisms under EO 14086 (i.e. to raise DPF complaints to the US Civil Liberties Protection Officer and, if needed, the Data Protection Review Court). It now seems that Switzerland has achieved its 'qualifying state' designation from the US AG - see below and here (https://lnkd.in/e_YuBmHr) so, with any luck, Swiss adequacy recognition for the DPF should happen soon. 🤞 Sincere thanks to our good friend David Rosenthal at VISCHER for bringing this to our attention.
AI Ethicist, Strategist & Speaker │ MBA, LLM, FIP
1mo
Another clear and simple guide on a complex topic from Digiphile. Thank you Phil Lee!