Risks, Rules & Gaps: The Latest on NIS2 and CRA

Web­i­nar with Andrew Ginter

With the NIS2 Direc­ti­ve and the Cyber Resi­li­ence Act (CRA), cyber­se­cu­ri­ty requi­re­ments are incre­asing for cri­ti­cal infra­struc­tures as well as indus­tri­al auto­ma­ti­on and other pro­ducts in the Euro­pean Union.

But the road to stron­ger requi­re­ments is not all smooth. While NIS2 has been in force sin­ce 2023, some Mem­ber Sta­tes have not yet trans­po­sed the Direc­ti­ve into natio­nal law, even though the dead­line for trans­po­si­ti­on has alre­a­dy pas­sed. And the natio­nal laws imple­men­ting NIS2 dif­fer in each Mem­ber Sta­te, though with NIS2 the­re is mini­mum degree of harmonization.

Final­ly, while the new CRA con­ta­ins new har­mo­ni­zed requi­re­ments for pro­ducts with digi­tal ele­ments, the­re are cor­ner cases that seem to make litt­le sen­se, espe­ci­al­ly when app­ly­ing CRA-compliant pro­ducts to change-controlled cri­ti­cal infrastructures

Spea­k­er

• Andrew Gin­ter, Vice Pre­si­dent Indus­tri­al Secu­ri­ty, Water­fall Secu­ri­ty Solutions
• Chris­tina Kie­fer, Seni­or Associate

This web­i­nar was hos­ted by Water­fall.

You can find the recor­ding of the web­i­nar with Water­fall on NIS2 and CRA on the Water­fall web­site and on YouTube.