Food distribution sector calls on EU to exempt medium sized businesses from costly NIS 2 cybersecurity obligations

The Commission proposal for a NIS 2 Directive would expand the scope of cybersecurity obligations to all medium sized enterprises in the food distribution sector. Such a wide scope would entail massive compliance costs for these companies, even though they are not ‘critical’ (in the sense of the Directive) for local food supply. The signatories of this statement call on EU institutions to exempt from the NIS 2 Directive all medium sized food distribution companies, or ensure that only such companies supplying a critical share of the population be covered.