On 23.11.2023 November 2, Rakennusteollisuus RT has issued a statement regarding the draft government proposal for the implementation of the cyber security directive (NIS18157 directive), VN/2023/XNUMX.
The construction industry RT generally supports the proposed changes, which can enhance and clarify the digital security required from the physical operating environment of critical operators. Although the NIS2 directive takes into account the physical environment and the related cyber security risks only on a basic level, it is still a clear improvement on the previous situation.
However, at the very least, the explanatory memorandum of the law should clarify beforehand the extent of risk management and the required measures to the properties, buildings and their building technology used by the operators covered by the regulation. Also in the case of situations where the operator has leased premises, real estate, equipment and software, the regulations should be clarified with regard to various responsibilities and access to information and inspection rights.
In the case of official supervision, the centralized implementation of supervision of the physical environment should be considered, so that the limited resources of the sector are not fragmented too much.
More information
