Network and Information Security (NIS) Directive
The Network and Information Security (NIS) Directive aims to achieve a high common level of security of networks and information systems within the European Union. The final text was published on July 6, 2016.
The NIS Directive establishes security and notification requirements for Operators of Essential Services (OoES) and Digital Service Providers (DSP). The affected sectors are energy, transport, financial market infrastructure, health, drinking water and digital infrastructure, as well as online marketplaces, online search engines and cloud services that provide services in the EU.
The NIS Directive lays down specific requirements for Member States of the EU to adopt a national NIS strategy and to designate National Competent Authorities (NCA), Single Points of Contact (SPoC) and Computer Security Incident Response Teams (CSIRT). In addition to the Member State requirements, the NIS Directive also organizes an EU cooperation group and a network of CSIRTs.
1. Implementation / enforcement: 12/2012 - 02/2013
2. Discussion / consultation: 02/2013 - 08/2016
3. Implementation / enforcement: 08/2016 - 05/2018
4. In effect: 05/2018 -
There are many challenges with the implementation of the NIS Directive. Organizations are faced with additional cyber security legislation on a national level. EU Member States are also faced with requirements for unbiased identification of Operators of Essential Services and Digital Service Providers. Governing bodies will need to respond adequately to the incidents that organizations are required to report. Last but not least, compliance monitoring and enforcement with fines need to be organized.