The EU cybersecurity regime recently underwent a notable reform. In January 2023, Directive 2022/2555, the new NIS 2 Directive – the EU-wide legislation on cybersecurity – entered into force, amending existing legislation and repealing Directive 2016/1148, in place since 2016.