Repealing Directive (EU) 2016/1148 means that it will no longer be in force from 18 October 2024, and from that date forward, any legal references or obligations previously connected to it will instead refer to the newer NIS2 directive, using a provided correlation table to guide the transition clearly.

The older directive, Directive (EU) 2016/1148, is being replaced by the newer NIS2 directive to update and strengthen cybersecurity requirements across Europe, address new threats, and ensure better protection and resilience for critical digital services and important network infrastructures used daily in the EU member states.

After 18 October 2024, the obligations under Directive (EU) 2016/1148 will be replaced by the requirements in the NIS2 directive, meaning organizations must understand the updated rules specified in NIS2 and implement them accordingly by using the correlation table to identify equivalent provisions that maintain compliance with EU law.

The correlation table is located in Annex III of the NIS2 directive; this table clearly matches specific articles of the previous directive with the relevant new articles in NIS2, helping people and organizations easily understand how they must adapt their cybersecurity practices according to the updated rules and standards.