CySEC Approves New Cybersecurity Regulations and Suspends Registration of Crypto Service Providers
European Commission Adopts New Cybersecurity Rules under NIS2 Directive
On 17 October, the European Commission approved the initial cybersecurity regulations under the NIS2 Directive, which came into effect on 18 October 2024. These rules aim to enhance cyber risk management within EU Member States and mandate a series of compulsory measures to bolster the security of digital services.
All EU Member States are now required to ensure that companies providing digital services implement effective cyber risk management measures, which include:
- Development of Data Protection Strategies: Companies are obliged to create and implement strategies aimed at safeguarding the confidentiality and integrity of the data they process.
- Regular Security System Audits: Companies must conduct regular audits and security testing to identify and mitigate vulnerabilities. This may include both internal and external assessments conducted by independent specialists.
- Cybersecurity Training for Personnel: Companies must provide training for employees to increase their awareness of cyber threats and to instruct them on responding to security incidents, which is vital for minimising human-related risks.
- Implementation of Security Technologies: Companies are required to utilise modern security technologies, such as encryption, intrusion detection systems, and antivirus software, to protect information and systems.
- Incident Response Planning: Companies must establish clear plans and procedures to respond to cyber incidents, including swift recovery and notification of relevant authorities.
- Mandatory Reporting of Cyber Incidents: Companies are obligated to report significant incidents to their national authorities, thereby improving coordination in addressing cyber threats across the European Union.
Increased Fines: Non-compliance with the new requirements may lead to substantial fines, underscoring the importance of cybersecurity for both public and private sector organisations.
Suspension of Registration for Crypto Service Providers
In anticipation of the new EU Regulation 2023/1114 on Markets in Crypto-assets, set to come into force on 30 December 2024, CySEC has decided to halt the acceptance of new applications for the registration of Crypto Asset Service Providers (CASP). This decision is driven by the need to prepare for the incoming standards and regulations, which aim to ensure a higher level of investor protection and market transparency within the crypto asset sector.
Transition Period: Providers registered before 30 December 2024 will be permitted to continue their operations until 1 July 2026 or until they obtain a licence under the new rules. This transition period grants them time to adapt to the new requirements and to prepare the necessary documentation.
These changes are crucial to enhancing the level of security across digital markets and infrastructure within Cyprus and the EU. They will help safeguard users and investors from cyber threats and establish a more resilient ecosystem for crypto service providers.