Network Information Systems

Cybersecurity Oversight: The NIS2 Directive 

Responsibility for cybersecurity oversight arises from the NIS2 Directive (Directive (EU) 2022/2555), which establishes a harmonised framework to strengthen cybersecurity across the EU. NIS2 expands the scope of the original 2016 directive, placing proportionate, risk-based security and incident reporting obligations on operators in critical sectors, including transport, and introducing explicit accountability at senior management and board level. 

In December 2023, the CRR was designated as the National Competent Authority for Transport – Rail. Ireland missed the October 2024 transposition deadline, and NIS2 is now being implemented through the National Cyber Security Bill, currently progressing through the Oireachtas and expected to be enacted in 2026. Until then, existing NIS obligations remain in force. 

Extra Resources: NCSC: NIS2