NIS(2)* Directive is an EU-wide cybersecurity directive aiming to harmonize national cybersecurity capabilities, cross-border collaboration, and the supervision of critical sectors across the EU. By 17 October 2024, Member States must transpose NIS2 into their National Legislative System.
In particular, Article 3, "essential and important entities", asks the Member States by 17 April 2025 to establish a list/registry of essential and important entities (part of critical sectors) that the Directive applies to. Accordingly, Member States shall review and, where appropriate, update that list regularly and at least every two years thereafter. In addition, registered entities shall notify of any changes without delay and, in any event, within two weeks of the date of the change.
This thesis will analyze the requirements pursuant to Article 3 (and consequently Article 2 and Annexes I & II) of NIS2 to design and develop a prototypical system/portal (basic programming is involved, eg, HTML/CSS) that can serve as a national (and, if desired pan-European) registry for essential and important entities. Except for allowing organizations/entities to register themselves as recommended by NIS2, when feasible and under specific conditions, the system will be able to automatically classify registered entities as essential or important or request manual resolution from the pertinent national competent authority and the registering entity.
*(Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures to ensure a high common level of cybersecurity in the Union (amending Regulation (EU) No 910/2014 and Directive (EU) 2018 /1972 and repealing Directive (EU) 2016/1148)