The NIS2 Directive establishes a comprehensive cybersecurity governance framework across the European Union, mandating Member States to identify, classify, and oversee essential and important entities. As part of this governance ecosystem, Member States are required to submit national registries of these entities to the European Commission, the Cooperation Group, and ENISA. This paper critically examines the NIS2 Directive, with particular emphasis on its provisions for creating registries of essential and important entities. Specifically, Article 3 requires Member States to compile national registries containing entity details such as name, sector, and contact information, while Article 27 assigns ENISA the responsibility of maintaining a centralized EU-level registry for designated digital infrastructure and service providers. We operationalize these legal mandates by translating them into concrete technical specifications, guiding the design and development of a modular, legally compliant registry system. Employing the Design Science Research (DSR) methodology, we decompose complex legal requirements into a structured workflow, deterministic classification algorithms, and a comprehensive set of system specifications. The resulting conceptual registry prioritizes automation, harmonization, information sharing, and context-aware supervision, thereby supporting competent authorities in fulfilling their obligations and ensuring compliance at both national and EU levels. This study contributes a reusable framework that effectively bridges legal interpretation with technical implementation, offering a scalable and robust solution for cybersecurity governance under the NIS2 Directive.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Designing an NIS2-Compliant Registry System: A Design Science Approach to the Classification and Supervision of Essential and Important Entities

  • Fabian Aude Steen,
  • Vasileios Mavroeidis,
  • Mateusz Zych,
  • Konstantinos Fysarakis

摘要

The NIS2 Directive establishes a comprehensive cybersecurity governance framework across the European Union, mandating Member States to identify, classify, and oversee essential and important entities. As part of this governance ecosystem, Member States are required to submit national registries of these entities to the European Commission, the Cooperation Group, and ENISA. This paper critically examines the NIS2 Directive, with particular emphasis on its provisions for creating registries of essential and important entities. Specifically, Article 3 requires Member States to compile national registries containing entity details such as name, sector, and contact information, while Article 27 assigns ENISA the responsibility of maintaining a centralized EU-level registry for designated digital infrastructure and service providers. We operationalize these legal mandates by translating them into concrete technical specifications, guiding the design and development of a modular, legally compliant registry system. Employing the Design Science Research (DSR) methodology, we decompose complex legal requirements into a structured workflow, deterministic classification algorithms, and a comprehensive set of system specifications. The resulting conceptual registry prioritizes automation, harmonization, information sharing, and context-aware supervision, thereby supporting competent authorities in fulfilling their obligations and ensuring compliance at both national and EU levels. This study contributes a reusable framework that effectively bridges legal interpretation with technical implementation, offering a scalable and robust solution for cybersecurity governance under the NIS2 Directive.