• By 17 October 2024, Member States must adopt and publish the measures necessary to comply with the NIS 2 Directive.

    

  They shall apply those measures from 18 October 2024.
• According to Article 21 (Cybersecurity risk-management measures), essential and important entities must take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems which those entities use for their operations or for the provision of their services, and to prevent or minimise the impact of incidents on recipients of their services and on other services.
• When assessing the proportionality of those measures, due account shall be taken of the degree of the entity’s exposure to risks, the entity’s size and the likelihood of occurrence of incidents and their severity, including their societal and economic impact.
• s not established in the EU, but offers services within the EU, it shall designate a representative in the EU. The representative shall be established in one of those Member States where the services are offered. Such an entity shall be considered to fall under the jurisdiction of the Member State where the representative is established
• Therefore, the cybersecurity risk-management measures taken by the entity should protect not only the entity’s network and information systems, but also the physical environment of those systems from any event such as sabotage, theft, fire, flood, telecommunication or power failures, or unauthorised physical access
• Now any disruption, even one initially confined to one entity or one sector, can have cascading effects more broadly, potentially resulting in far-reaching and long-lasting negative impacts in the delivery of services across the whole internal market.

• t sets out minimum rules for a regulatory framework and lays down mechanisms for effective cooperation among relevant authorities in each member state. It updates the list of sectors and activities subject to cybersecurity obligations, and provides for remedies and sanctions to ensure enforcement.

    

   The directive will formally establish the European Cyber Crises Liaison Organisation Network, EU-CyCLONe, which will support the coordinated management of large-scale cybersecurity incidents.
• sion proposal expands the scope of the current NIS Directive by adding new sectors based on their how crucial they are for the economy and society, and by introducing a clear size cap — meaning that all medium and large companies in selected sectors will be included in the scope
• The proposal also eliminates the distinction between operators of essential services and digital service providers. Entities would be classified based on their importance, and divided into essential and important categories, which will be subjected to different supervisory regimes.
• The proposal strengthens and streamlines security and reporting requirements for companies by imposing a risk management approach, which provides a minimum list of basic security elements that have to be applied.
• proposes to address security of supply chains and supplier relationships by requiring individual companies to address cybersecurity risks in supply chains and supplier relationships. At European level, the proposal strengthens supply chain cybersecurity for key information and communication technologies. Member States in cooperation with the Commission and ENISA, may carry out coordinated risk assessments of critical supply chains

9 more annotations...

• The data center life span depends on use, design, build, and operation. Just as you would care for a human being, the same is needed for data centers in the form of new technology adoption, maintenance, and upgrade of the physical and digital infrastructure [2].
• It is estimated that data centers use 200 terawatt hours (TWh) each year, which surpasses that of some countries. Data centers contribute about 0.3% of total global carbon emissions, whereas information and communications technology (ICT) accounts for more than 2% of global emissions. This is predicted to increase to 20% by 2030, which in turn rises the carbon footprint of economies, according to the International Energy Agency in 2017
• AI and ML can be used for automating and enhancing operational performance, including materials upgrade, and CFE use. This is done with the use of historical performance data, AI algorithms, day ahead weather conditions which in turn can predict renewable energy generation and calculate 7 × 24 match with the energy consumption usage in the data center. With the use of IoT-based sensor networks and AI, we can monitor and predict server utilization and operation performances of any data center, thus allowing early warning notifications of faulty hardware, excessive heat from servers, as well as preventive maintenance to alleviate system downtime
• We should shift towards sustainable and circular data centers by implementing circularity, 24· × 7 × 365 resiliency, triple zero (carbon, pollution, waste) measures, reduce water usage, refine e-waste strategies, social cost of ownership, capital usage, materials passports, lifecycle maintenance strategies, and 24 × 7 reporting per each kilowatt hour used;

2 more annotations...

• from Cesar Melendez-Villegas