NIS2 in Bulgaria: What Do Companies Need to Know?
Published by IDVKM on
NIS2 in Bulgaria: What Do Companies Need to Know?
The European Directive on the Security of Network and Information Systems (EU) 2022/2555, known as NIS2, is aimed at enhancing the level of cybersecurity across all countries in the European Union.
NIS2 requires organizations in critical and essential sectors, such as energy, transport, finance, healthcare, and digital infrastructure, to implement minimum cybersecurity measures, including risk assessment policies, incident response actions, supply chain protection, and more.
Other companies that act as suppliers to these industries also fall under the scope of the directive and are required to meet NIS2 standards. For instance, they are obligated to promptly report significant incidents that could impact the critical operations of the organization as well as other related entities.
What to Expect from NIS2 in Bulgaria?
The NIS2 Directive has been in effect since its adoption in January 2023, and EU member states were required to transpose the directive’s requirements into their national legislation by October 17, 2024. This means that after this date, European companies falling under the scope of NIS2 should have been prepared with strategic cybersecurity measures.
The implementation status varies significantly across member states.
Countries that have successfully transposed NIS2 include Belgium, Croatia, Hungary, Italy, Latvia, and Lithuania. They have adopted the necessary national legislation.
Many EU countries, including France, Germany, the Netherlands, and Sweden, have not yet finalized their draft bills for transposition. Bulgaria is also among them.
In Bulgaria, a draft amendment to the Cybersecurity Act was discussed in the summer of 2024. This amendment is a prerequisite for aligning our national legislation with NIS2 requirements.
The public consultation period lasted from July 4 to August 3, 2024.
The draft amendment to the Cybersecurity Act was submitted to the National Assembly on September 13, 2024. However, due to parliamentary elections, its review and adoption were delayed.
The legislative changes have not yet been approved, and the process remains incomplete.
This means that the official implementation of the directive in Bulgaria has been postponed. However, this delay does not negate the necessity for companies to prepare in advance to avoid the risks and pressures of sudden compliance with these measures at the last moment.
Support and Solutions from IDVKM
The IDVKM team has created an e-book on NIS2, covering the key aspects of the directive and the measures companies must take to achieve compliance. The guide explains specific requirements and outlines steps businesses can follow to build resilient cybersecurity systems.
Additionally, on our dedicated web page, you can find further information and connect with our experts for consultation.
0 Comments