EU NIS 2.0 and the Maritime Industry

On the 17th January 2023 EU NIS 2 (EU NIS 2.0 2022/2055 -‘The Directive’), giving EU Member states 21 months to transpose the Directive in Nation State laws.  EU NIS 2 applies to critical national infrastructure providers that are deemed ‘sectors of high criticality ’ and ‘other critical sectors'.  Providers that include the Maritime Industry.  On the 26th July 2023 the Securities and Exchange Commission(SEC) passed the cybersecurity risk management final rule, requiring SEC registrants report material cyber risks and material cyber incidents to the regulator, that amongst other sectors effects maritime registrants on U.S capital markets.

The maritime sector is now regulated to comply with cybersecurity risk management that includes the oversight and assurance of material cyber risk and material cyber incidents.  Under regulation that requires board to attest to the cybersecurity risk management of their organisation.  Increasing legal and compliance risk through regulatory enforcement, shareholder actions and investor intervention.

In this paper we discuss cyber regulation on the maritime industry the the impact of cyber regulation on maritime providers and their reporting obligations and enforcement.