The draft of a new EU directive on cyber security (the so-called “NIS II”) implies that more transport companies will be covered by these laws, as “thresholds”, i.e. exclusions on the scope of application of the directive depending on e.g. the volume of goods handled, will be abandoned.
In rail transport, the directive will cover, among others, operators of service facilities or supplying services to railroad undertakings.
In maritime transport the directive will cover transport companies, VTS operators, port and port facilities managers, as well as entities operating works and equipment contained within ports, regardless of the volume of goods transported or handled.
The list of sanctions for violations of cyber security obligations includes, among others, fines up to Eur 10 million, revocation of licenses, authorizations, certifications, and bans on board members of such entities.
Attorney at law
+48 91 886 24 01