Delay in NIS2 Categorization Impacts Cybersecurity Preparedness

The eighth NIS (Network and Information Security) Directive working group meeting did not finalize the categorization model for entities under the NIS2 directive. The Italian National Cybersecurity Agency (ACN) indicated that a critical phase impacting asset inventory, risk management, and Business Impact Analysis will occur between May and June. The absence of categorization guidelines is currently delaying documentation and risk analysis efforts for affected organizations. The directive aims to strengthen cybersecurity resilience for essential and important entities across the EU. No specific technical details, CVE IDs, or numerical data were provided in the report.