Cyberattack: EU Directive Not Yet Implemented

It should have been done by October 2024, but a legislative proposal did not achieve the necessary two-thirds majority in parliament. Whether the implementation could have prevented the cyberattack on the Ministry of the Interior (BMI) that became known over the weekend is speculative, said legal scholar Nikolaus Forgó on Monday in the Ö1 "Midday Journal".

Most EU countries are delinquent with the NIS-2 Directive

Tendentially, the awareness of information security in European administration is still expandable, according to Forgó. Most EU countries are delinquent with the NIS-2 Directive. One reason is that it demands immediate responsibility from leadership bodies in case of violations, explained the professor of technology law at the University of Vienna. This would not directly lead to more security, but: "If this obligation has not yet been implemented in national law, it probably means at least that those attacked may have been less cautious," said Forgó.

The ÖVP-led Ministry of the Interior was confident towards Ö1 that the attack could not have been prevented. The draft law for the NIS-2 Directive has since been revised. Coordination is underway with the current coalition partners SPÖ and NEOS. In the opposition, they had rejected the proposal last year.

(APA/Red)

This article has been automatically translated, read the original article here.