Europe is awaiting the evolution of cybersecurity. On 3 May 2022, the Council and the European Parliament agreed on the so-called NIS 2 Directive (Directive on measures for a high common level of cybersecurity across the Union). NIS 2 repeals the currently effective NIS Directive.
What is going to change? NIS 2 expands the range of entities that will have to comply with cybersecurity rules. NIS 2 will apply on numerous if not most TNT companies. NIS 2 recognizes two types of sectors: essential and important. Most of the TNT companies will belong to the essential sector as the digital infrastructure sector entities. Those entities are internet exchange point providers, DNS service providers, cloud computing and data center services, content delivery network providers, trust service providers according to eIDAS and providers of public electronic communications networks and servicers. Besides digital infrastructure, other essential sectors are health, energy, transport, banking, public administration and space. In addition to the essential sector entities, there will be also TNT companies classified as important sector entities, i.e., postal services, or digital providers. Digital providers are providers of online marketplaces, search engines and social networking platforms. The difference between the sectors is, according to the Recital of the directive, the level of criticality or the type of service as well as the level of dependency of other sectors or services.
