In the course of 2015, the EU Networking and Information Security ("NIS") Directive is expected to be finalized with the aim of commencing the implementation, in practice, from 2017. The NIS Directive aims to ensure a high common level of network and information security, and ensure that critical national infrastructure (operators, such as banks and energy companies)meets appropriate IT security standardsshares information about cyber-threats and reports when they have been breached.

In this regard, a recent report demonstrates a mixed state of readiness amongst organizations in France, Germany and the UK, many of which do not appear fully prepared to meet the compliance requirements of the forthcoming NIS Directive, or comprehend the true extent of their potential impact on current security policy and reporting procedures.