The launch of the new set of proposed ‘risk management measures’ (RMMs) as well as the ‘Cyber Fundamentals’ framework (CyFun) mark a significant step in Ireland’s implementation of NIS2, which will be transposed into Irish law in the coming months.

Ireland has joined CyFun, originally developed in Belgium, as a scheme co-owner.

Joseph Stephens, director of resilience at the NCSC, said: “A core challenge in this process has been determining how thousands of different businesses can demonstrate compliance with the directive’s broad security measure.

“We’ve worked hard to develop a framework that provides clear guidance, while remaining flexible enough to accommodate organisations of different sizes, sectors, and risk profiles.

“Teaming up with other countries like Belgium and Romania makes this a solution that will work across the EU.”

The RMMs together act as a detailed guide setting out the “minimum baseline” of what essential and important entities are required to do under NIS2 to manage cybersecurity risk.

The document aligns with the European Commission’s implementing act and will inform future national legislation.

CyFun is a structured, tiered framework based on the NIST Cybersecurity Framework.

It provides practical, actionable controls to help entities meet their obligations, and can be used to prepare for voluntary cyber security certification scheme.