On July 19, 2016, the "Directive concerning measures for a high common level of security of network and information systems across the Union" (referred to as NIS Directive) was published in the EU Official Journal. The NIS Directive will thus enter into force on August 8, 2016.

The Directive aims at a high common level of security of network and information systems within the EU. To this end, it stipulates minimum requirements for IT security and is intended to strengthen the cooperation between EU Member States in the field of cyber security.

Member States have until September 05, 2018 to transpose the provisions of the NIS Directive into national law. Since the IT Security Act entered into force in Germany in 2015, the German legislature should have already met the majority of the EU minimum requirements for IT security. An overview of the core contents of the NIS Directive and the parallels to the IT Security Act can be found on our website.