My organisation has to comply with Directive (EU) 2022/2555 (the ‘NIS 2 Directive’). Does it also have to comply with Part-IS or is it considered covered?
My organisation has to comply with Directive (EU) 2022/2555 (the ‘NIS 2 Directive’). Does it also have to comply with Part-IS or is it considered covered?
According to the Guidelines provided by the European Commission on ‘sector-specific Union legal acts’, Part-IS does not fall under the category of ‘Lex Specialis’ (refer to Article 4 of the NIS 2 Directive). This is mainly due to the specific scope of the information security management system (ISMS) legislation as compared to the broader approach of the NIS 2 Directive. However, EASA is working with the European Commission to have Part-IS compliance ‘credited’ in the context of NIS 2 compliance. This can be achieved either during the incorporation of the Directive into national legislation or during the implementation phase. Further guidance on this topic will be provided in 2025.
Last updated