The European Parliament has passed the NIS3 Directive, significantly expanding cybersecurity obligations to previously uncovered sectors including healthcare, food supply chains, and space infrastructure. The new regulation builds on NIS2 and introduces mandatory incident reporting within 6 hours and stricter supply chain security requirements.
Organizations have 18 months to achieve compliance. Non-compliance penalties can reach up to 2% of global annual turnover, and executive personal liability provisions have been strengthened.