National Cyber Security Bill 2024 (Ireland)

The National Cyber Security Bill 2024 is an Irish bill published by the Oireachtas in 2024. [1] The legislation was published on 30 August 2024. [2]

NIS 2

The legislation transposes several important parts of NIS2: [1] [3]

Designation of competent authorities

National competent authorities are defined. [1] [3] Ireland has chosen a federated model for NIS 2, with the National Cyber Security Centre as the lead competent authority, with responsibility for large-scale cybersecurity incidents in Ireland. [4] The NCSC is also designated as Ireland's CSIRT. [3] [2]

| Competent Authority | NIS 2 sector |
| --- | --- |
| Commission for Regulation of Utilities | Energy, Drinking Water, Waste water [4] [2] |
| Commission for Communications Regulation | Digital infrastructure, ICT Service management, Space, Digital Providers [4] [2] |
| Central Bank of Ireland | Banking, Financial markets [4] [2] |
| Irish Aviation Authority | Aviation [4] [2] |
| Commission for Railway Regulation | Rail [4] [2] |
| Minister for Transport | Maritime transport [4] [2] |
| National Transport Authority | Road [4] [2] |
| An agency or agencies under the remit of the Minister for Health | Health [4] [2] |
| National Cyber Security Centre | All other in-scope sectors [4] [2] |

Essential and important entities

  1. Essential entities operate in critical sectors such as energy and transport. [1]
  2. Important entities operate in sectors with a high cyber risk such as waste management and post. [1]

Cybersecurity risk management

Essential entities will be required to have robust risk management, including regular risk assessments, suitable security measures and a plan for incident response. [1] [2]

Incident reporting

Both essential and important entities are required to report significant incidents to a competent authority. [1] [3] [2]

Supervision and enforcement

Noncompliance with the directive can lead to CEOs, directors and other managers having their roles restricted in essential and important entities. [1] If an individual can be proven to have caused a corporate body to not comply, knowingly or through neglect, they can be found personally liable. [1] Financial penalties can also be imposed. [1]

For an essential entity the maximum penalty is the larger of €10 million or 2% of worldwide turnover in the previous financial year. [1] [2]

For an important entity the maximum penalty is the larger of €7 million or 1.4% of worldwide turnover in the previous financial year. [1] [2]

Business licences can be suspended by a national competent authority. [1] The High Court oversees these matters. [1]

National Cyber Security Centre

The bill also deals with the National Cyber Security Centre. [1] [2]

The centre will be established as an executive office of the Department of the Environment, Climate and Communications. [1]

The centre will have enhanced responsibilities both nationally and internationally. [1] It will have the power to scan for vulnerable systems and employ sensors, at the request of an important or essential entity. [1]

References

  1. Delaney, Sharon (2024-09-25). "National Cyber Security Bill 2024". Beauchamps. Retrieved 2025-02-19.
  2. Austin, Julie; Madden, Michael (2024-09-16). "National Cyber Security Bill 2024 General Scheme Published". Lexology. Retrieved 2025-02-19.
  3. "The National Cyber Security Bill 2024 (NIS2)". Mason Hayes & Curran. Retrieved 2025-02-19.
  4. Salizzo, Carlo; Bohan, Anne-Marie; Crowley, Deirdre; Hanna, Sarah Jayne; Brennan, Davinia; Condon, Thomas (2024-09-02). "General Scheme of NIS 2 Implementing Legislation Published". Matheson. Retrieved 2025-02-19.