= National Cyber Security Bill 2024 (Ireland) =

The National Cyber Security Bill 2024 is an Irish bill published by the Oireachtas in 2024. The legislation was published on 30 August 2024.

==NIS 2==
The legislation transposes several important parts of NIS 2:

===Designation of competent authorities===
National competent authorities are defined. Ireland has chosen a federated model for NIS 2, with the National Cyber Security Centre as the lead competent authority, with responsibility for large-scale cybersecurity incidents in Ireland. The NCSC is also designated as Irelands' CSIRT.

  - Caption text**

| Competent Authority | NIS 2 sector |
| Commission for Regulation of Utilities | Energy, Drinking Water, Waste water |
| Commission for Communications Regulation | Digital infrastructure, ICT Service management, Space, Digital Providers |
| Central Bank of Ireland | Banking, Financial markets |
| Irish Aviation Authority | Aviation |
| Commission for Railway Regulation | Rail |
| Minister for Transport | Maritime transport |
| National Transport Authority | Road |
| An agency or agencies under the remit of the Minister for Health | Health |
| National Cyber Security Centre | All other in-scope sectors |

===Essential and important entities===
1. Essential entities operate in critical sectors such as energy and transport.
2. Important entities operate in sectors with a high cyber risk such as waste management and post.

===Cybersecurity risk management===
Essential entities will be required to have robust risk management, including regular risk assessments, having suitable security measures and a plan for incidence response.

===Incident reporting===
Both essential and important entities are required to report significant incidents to a competent authority.

===Supervision and enforcement===
Noncompliance with the directive can lead to CEOs, directors and other managers having their roles restricted in essential and important entities. If an individual, knowingly or through neglect, can be proven to have caused a corporate body to not comply, then can be found personally liable. Financial penalties can also be imposed.

For an essential entity the maximum penalty is the larger of €10 million or 2% of worldwide turnover in the previous financial year.

For an important entity the maximum penalty is the larger of €7 million or 1.4% of worldwide turnover in the previous financial year.

Business licences can be suspended by a national competent authority. The High Court oversees these matters.

==National Cyber Security Centre==

The bill also deals with the National Cyber Security Centre.

The centre will be established as an executive office of the Department of the Environment, Climate and Communications.

The centre will have enhanced responsibilities both nationally and internationally. It will have the power to scan for vulnerable systems and employ sensors, at request of an important or essential entity.
