Certified Information Privacy Professional – Europe (CIPP/E) — Question 264

All of the following will be established by the second Network and Information Security Directive ("NIS2") EXCEPT?

Answer options

• A. Baseline cybersecurity measures that each covered entity must address.
• B. Powers to inspect, audit, or require information from covered organizations.
• C. A common controls framework that every organization must adopt.
• D. A new network for EU member states to cooperate on large-scale breaches.

Correct answer: C

Explanation

The correct answer is C, as NIS2 does not mandate a uniform controls framework for all organizations. Options A, B, and D reflect key components of NIS2, which aims to enhance cybersecurity measures, empower regulatory oversight, and facilitate collaboration among EU member states.