Search
2 results for “directive”
Mandates
ENISA / EU
The EU Network and Information Security Directive 2 (NIS2, Directive 2022/2555) requires essential and important entities across the EU to implement appropriate cryptographic measures as part of a risk-based cybersecurity framework. ENISA's technical guidelines explicitly incorporate post-quantum cryptography readiness as a forward-looking requirement. Member states were required to transpose NIS2 into national law by October 2024.
OMB / US_FEDERAL
OMB Memorandum M-23-02 directs federal agencies to inventory cryptographic systems and prioritize migration to post-quantum cryptography in accordance with NIST standards. Agencies must identify systems that use public-key cryptography and create actionable migration plans. The memo responds to National Security Memorandum NSM-10 and aligns with OMB's broader zero-trust strategy. All inventory and migration plan deadlines have now passed.