PERSONAL SCOPE OF THE NIS 2 DIRECTIVE AND ITS TRANSPOSITION INTO THE LEGAL ORDERS OF SELECTED EU MEMBER STATES

Abstract

The new cyber security legislation known as NIS 2 Directive is the second attempt to harmonize the area of ​​cyber security in the European Union. The first legislative act, the NIS Directive, did not achieve the regulator's basic objective of harmonization in this area, partly due to incorrect transposition regarding personal scope. In this contribution, the authors analyze the NIS 2 directive in the context of personal scope. In particular, the analysis will focus on how the new regulation applies to regulated entities in general, including public administration entities and those in the field of education. The cyber security legislation of two states that have already transposed the NIS 2 Directive, namely Croatia and Belgium, will also be analyzed.