The EU’s revised NIS2 Directive (Network and Information Systems Directive) (NIS2) mandates companies and public bodies to promptly report significant cybersecurity incidents. Central to NIS2 are mandatory and voluntary incident notification regimes. We expect NIS2 to become law in Ireland in 2025. In this article, we consider what's involved and why organisations should start updating their breach response policies to be ready for these new obligations.
