Ireland is required to adopt new EU cybersecurity rules from today.
The Government has said it will miss the deadline to transpose the "NIS2" Directive, but businesses are pressing ahead with their preparations.
Under the regulations, companies and State bodies must boost their cyber defences with the threat of heavy fines for breaches of the rules.
NIS2 expands the scope of previous regulations to include additional sectors like food processing.
Lakeland Dairies in Cavan is one of the companies that will have to comply with the new rules.
More than a million litres of raw milk are processed every day at Lakeland's production facility in Killashandra.
Among the products that are made are flavoured milks, as well as the UHT milk pots and sticks that you'll find in coffee shops and on airplanes.
It is a 24-7 operation and because milk is perishable, even small delays in the production process can have major consequences.
Lakeland Dairies has robust measures in place to protect against disruptions caused by cyberattacks, but the company will now also need to comply with the new EU cybersecurity regulations.
"It means a change for us with extra costs and extra resources needed," said Gerry Forde, Group IT Operations Manager at Lakeland Dairies.
"There will be extra work as well additional training that has to be done," he said.
"It's something we're working on all the time. Cyber is ever changing, and it's just another thing we have to align with and get ready for," Mr Forde said.
"The challenge of a cyberattack is another thing you have to worry about," he added.
The Network and Information Security Directive, or NIS2, expands the scope of covered organisations and sectors to improve the security of supply chains.
As well as food processing, other new sectors being brought under the regulations include postal services, waste management, chemicals, and digital providers such as online search engines and social networking platforms.
We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences
Under the new rules, organisations will be required to have robust cyber defences in place and follow strict reporting requirements if a cyberattack occurs.
Failure to comply, could see fines of up to €10m for larger organisations.
Senior managers may also be held personally liable for breaches of the regulations.
Individuals could be temporarily banned from holding management positions in the case of repeated violations.
The Department of the Environment, Climate and Communications said that it is currently engaging with other relevant Government departments and agencies on the drafting of the legislation to transpose the NIS2 Directive.
"Unfortunately, the transposition deadline of 17 October 2024 will not be met," a Department spokesperson said.
"NIS2 is a complex piece of legislation which requires a complete overhaul of existing legislation."
"Ireland is not alone in this regard, most EU Member States have indicated they will not meet the transposition deadline, with the majority indicating that it will be 2025 before national legislation is in place," the Department said.
Read more
Are Irish businesses ready for new EU cybersecurity rules?
Ireland to miss EU cybersecurity deadline
While the directive will not be transposed on time, a number of steps have been taken to meet the requirements of the new EU cybersecurity rules.
The Government has approved the designation of the national competent authorities for each of the sectors set out in the directive, including the designation of the National Cyber Security Centre (NCSC) as the lead national competent authority.
At Lakeland Dairies, its IT team may be pressing ahead with their preparations, but the new EU cyber rules will also have implications for many of the smaller third-party suppliers that it deals with.
"These could be anyone from customers that we're trading with, but also small third-party vendors that we'll be dealing with on different sites that would be key to some of our manufacturing processes," Mr Forde said.
"As you go down to smaller companies, you wonder about where they will sit and what's the impact for them? Will they need a third-party supplier to help them?"
"It will be a challenge for those smaller companies," Mr Forde said.
