Network and Information Security (NIS) Directive

The Network and Information Security (NIS) Directive aims to achieve a high common level of security of networks and information systems within the European Union. The final text was published on July 6, 2016. 

The NIS Directive establishes security and notification requirements for Operators of Essential Services (OoES) and Digital Service Providers (DSP). Sectors that are affected are energy, transport, financial market infrastructure, health, drinking water and digital infrastructure but also include online marketplaces, online search engines and cloud services that provide services in the EU.

The NIS Directive lays down specific requirements for Member States of the EU to adopt a national NIS strategy, to designate National Competent Authorities (NCA), Single Points of Contact (SPoC) and Computer Security Incident Response Teams (CSIRT) . Next to member state requirements the NIS also organizes a EU cooperation group and a network of CSIRT's.
 

2019
2020
2021
2022
2023
2024
4
1
Implementation / enforcement 12/2012 - 02/2013
2
Discussion / consultation 02/2013 - 08/2016
3
Implementation / enforcement 08/2016 - 05/2018
4
In effect 05/2018 -

STATUS
The NIS Directive was adopted by the European Parliament on 6 July 2016 and entered into force in August 2016. Member States have to transpose the Directive into their national laws by 9 May 2018 and identify operators of essential services by 9 November 2018.

There are many challenges with the implementations of the NIS directive. Organizations are faced with additional cyber security legislation on a national level. Also EU member states are faced with requirements for unbiased identification of Operators of Essential Services and Digital Service providers. Governing bodies will need to adequately respond to incidents that organizations are required to report. And last but not least compliance monitoring and enforcement with fines need to be organized.

author
Chantal Rademaker de Ridder Partner
Categories: Privacy & Security