The Directive on security of network and information systems (the NIS Directive) provides legal measures to boost the overall level of cybersecurity in the EU by ensuring:

  • Member States' preparedness, by requiring them to be appropriately equipped. For example, with a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority,
  • cooperation among all the Member States, by setting up a Cooperation Group to support and facilitate strategic cooperation and the exchange of information among Member States. 
  • a culture of security across sectors that are vital for our economy and society and that rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.

As a result of the review process, the new legislative proposal was presented on 16 December 2020. 

The proposal is part of a package of measures to further improve the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole. It covers the field of cybersecurity and critical infrastructure protection. The proposal is in line with the Commission’s priorities to make Europe fit for the digital age and to build an economy ready for a future that works for the people.

The proposal builds on and repeals the current NIS Directive. It modernises the existing legal framework taking account of the increased digitisation of the internal market in recent years and an evolving cybersecurity threat landscape.

The proposal for a revised Directive on security of network and information systems was accompanied by an impact assessment, which was submitted to the Regulatory Scrutiny Board (RSB) on 23 October 2020 and received a positive opinion with comments by the RSB on 20 November 2020.

political agreement was reached on 13 May 2022.

Tags: Cybersecurity
Publication Date: 06/07/2016