NIS2 Implementation in the EU |
|
Ireland |
|
(Europe)
Firm
Arthur Cox
Contributors
Colin Rooney |
|
Status | Ongoing |
Status of the NIS2 Implementation Act | The Irish Government published the General Scheme of the National Cyber Security Bill 2024 (“General Scheme”) on 30 August 2024. This Scheme will inform the drafting of the National Cyber Security Bill. The National Cyber Security Bill has not yet been published. The provisions contained within the General Scheme are therefore subject to change. |
If available, foreseeable significant deviations of the National Implementation Act from the NIS2 Directive | The General Scheme is closely modeled on the NIS2 Directive, albeit with several local idiosyncrasies expected in transposition. Some of the more significant deviations include:
|
Expected date of entry into force of the Implementation Act | As the Cybersecurity Bill has yet to be published and go through the legislative process, the date on which final transposing legislation can be expected is not clear. |
NIS2 Implementation in the EU
Ongoing
The Irish Government published the General Scheme of the National Cyber Security Bill 2024 (“General Scheme”) on 30 August 2024. This Scheme will inform the drafting of the National Cyber Security Bill. The National Cyber Security Bill has not yet been published. The provisions contained within the General Scheme are therefore subject to change.
The General Scheme is closely modeled on the NIS2 Directive, albeit with several local idiosyncrasies expected in transposition. Some of the more significant deviations include:
- Enforcement
The General Scheme introduces processes for exercising enforcement powers that are not prescribed in the NIS2 Directive. It provides that the enforcement powers of the national competent authority are to be exercised by way of a ‘compliance notice’ that is served on the relevant essential/important entity. Certain Public Bodies (discussed below) and Public Administration Entities appear (although the drafting is unclear) to be exempt from enforcement actions and penalties. - Sensor Employment
The General Scheme provides that the NCSC may deploy sensors on essential and important entities, with their consent, where necessary to detect and manage risks to network and information security. - Public Body
The General Scheme introduces the concept of “public bodies“ which is distinct from the concept of a “public administration entity“. - System of self-registration
Head 31 of the General Scheme lists specific types of entities (TLD name registries, DNS service providers, domain name registration service providers, cloud computing service providers, data center service providers, content delivery network providers, managed service providers, managed security service providers, online marketplaces, online search engines and social networking platforms) that must self-register with the NCSC by submitting certain information to the NCSC by January 17, 2025. The General Scheme also provides that the NCSC must establish a list of essential and important entities by April 17, 2025, and that, in order to do this, the Minister shall require essential and important entities to submit certain details to the relevant competent authorities.
As the Cybersecurity Bill has yet to be published and go through the legislative process, the date on which final transposing legislation can be expected is not clear.