General Scheme of the National Cyber Security Bill 2024
Source: Department of the Environment, Climate and CommunicationsPublished: 30 August 2024
The National Cyber Security Bill 2024 (currently being drafted in line with the General Scheme featured below) concerns the transposition of the Network and Information Security Directive EU 2022/2555 (NIS2 Directive). It also provides for the establishment of the National Cyber Security Centre (NCSC) on a statutory basis, its mandate and role in general.
The scheme legislative proposals will grant the National Cyber Security Centre (NCSC) the power to implement “sensors” on the systems of designated essential and important entities, as part of its extended role. The NCSC will also the power to suspend or remove websites where they believe they have been compromised with the intent of causing harm to the State.
Some of the key provisions the General Scheme transposes are:
- Designation of Competent Authorities: National Competent Authorities (NCAs) have been designated for overseeing the implementation of the Directive and enforcement within each relevant sector. The Minister also has the ability via secondary legislation to designate additional competent authorities as required in consultation with the relevant persons the Minister considers appropriate
- Essential and Important Entities: The Directive defines two categories of entities: "Essential Entities" in critical sectors like energy and transport, and "Important Entities" in sectors with a high cyber risk profile (such as waste management, postal services)
- Cybersecurity Risk Management: Essential Entities will be required to implement stricter risk management measures, including conducting regular risk assessments, adopting appropriate security measures, and having a plan for incident response
- Incident Reporting: Both Essential and Important Entities will have obligations to report certain cyber incidents to the competent authority.
- Supervision and Enforcement: There are penalties for non-compliance with the Directive, including the power to restrict company CEOs and Directors and other senior managers from their positions in Essential and Important Entities where there has been a non-compliance with this act. There is also a power for an NCA who issues a license to an entity to operate their business in the State to suspend that license until there is a compliance with the provisions in the Directive. These penalties are serious in nature but reflect the seriousness of the breaches and also reflect what is contained within the Directive. The High Court provides a sufficient level of safeguards in the implementation of these measures. It also follows the attitude adopted in the Companies Act (2014) (as amended) where all sanctions of a serious nature are dealt with by the High Court
Some of the key provisions for the NCSC are:
- Governance: The governance of the NCSC, including establishing it as an Executive Office of DECC as well as setting out the composition and governance structure of NCSC more generally. The NCSC has a number of National Security roles and thus, cannot be fully independent of Ministerial Authority. It will have reporting obligations to the Minister. It will, however, be important to ensure the safeguarding of the NCSC’s independence within the Bill in circumstances where it was established by Government Decision and operates under the authority of the Minister
- Enhanced Role: The General Scheme sets out roles for the NCSC including national cyber security monitoring, resilience building, information sharing (national and international) and the national incident response. It also gives the NCSC specific powers to engage in a range of scanning type activities to identify systems vulnerable to specific exploits. This type of activity is also required of the State under Article 11 of the NIS2 Directive
- Use of Sensors: The NCSC shall provide, upon the request of an essential or important entity, a proactive scanning of the network and information systems of the entity concerned to detect vulnerabilities with a potential significant impact
Download - General Scheme of the National Cyber Security Bill 2024


If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:
By email:
secretary@iisf.ie
By post:
David Cahill
Information Security
GPO, 1-117
D01 F5P2
Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland
Forum SPONSORS
Invitations for Annual Sponsorship of IISF has now reopened.

(your logo & profile link here)
Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more