FS 3: New European proposals – NIS2 and cybersecurity agenda

Rapporteur: Peter Van Roste, CENTR

• FYI: companies outside EU have to choose a representative in EU (DNS, cloud, data centre, search engine)

• Might be worth to further look into or discuss horizontal vs vertical approaches when defining scope and seeking alignment between NIS2 and other instruments (e.g. EECC)

• Multistakeholder bodies rely on multilateral bodies for their support, rather then trying to immediately seek multi-lateral solutions

• Need to educate companies on what is applicable to them, help them and guide them into compliance

• Concerning registration data, GDPR defines the principles that data controllers should follow. NIS2 is compliant with these principles.

• There are existing policies within European ccTLDs to ensure registration data accuracy, dependent on national laws and availability of eID solutions.

• More clarity is needed on accountability and the roles of different entities under the scope of NIS2.