DP News – Xmas and New Year release! NIS2 Directive is now published, the Dutch DPA names AI algorithms as its focus area in 2023.

On 27 December, the Official Journal of the EU published the so-called NIS2 Directive highlighted in DPOrganizer’s DP News release for the Week 46. To reiterate, the idea behind the NIS2 Directive is that more companies and sectors will be bound by its scope: “The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation”, the European Parliament previously explained.

In addition, NIS2 Directive aims to harmonise cybersecurity requirements and measures in different member states. “To achieve this, it sets out minimum rules for a regulatory framework and lays down mechanisms for effective cooperation among relevant authorities in each member state”, Council of the EU’s press release explains.

The directive also establishes the European Cyber Crises Liaison Organisation Network (EU-CyCLONe), which will support the coordinated management of large-scale cybersecurity incidents and crises. In accordance with Recital 71, “EU-CyCLONe should work as an intermediary between the technical and political level during large-scale cybersecurity incidents and crises and should enhance cooperation at operational level and support decision-making at political level”.

The NIS2 Directive will enter into force after 20 days from the date of publication in the Official Journal of the EU. EU Member States will have 21 months from the entry into force to incorporate the provisions of the directive into their national law.

As DPOrganizer published the article “Privacy in the age of AI” last week (written by Denis Sadovnikov), the Dutch Data Protection Authority (DPA) named AI algorithms as one of its focus areas for the supervision in 2023. As DPA explains in its press release, “Algorithms and artificial intelligence (AI) play an increasingly important role in decisions that companies and the government make about people. This presents opportunities, but there is a threat of losing human dimension. Algorithms can have a huge impact on people’s lives and on society. […] An important part of the new supervision is identifying and analysing cross-sector and domain-transcending risks of algorithms, and facilitating and intensifying collaboration with other organisations” (unofficial translation from Dutch).

The DPA will start these new activities in January, 2023. In the initial period, the focus will be on identifying risky algorithms, gathering knowledge and further shaping the collaboration.