On July 6, 2016, the European Parliament plenary session formally adopted the Network and Information Security Directive (“NIS Directive”) at second reading.
Securing network and information systems in the EU is fundamental to keep the online economy running and to ensure prosperity. The NIS Directive is the key instrument supporting Europe’s cyber resilience. The aim of the NIS Directive is to bring cybersecurity capabilities at the same level of development in all EU member states and ensure that exchanges of information and cooperation are efficient, including at a cross border level.
The NIS Directive also stipulates security obligations for operators of essential services, including transport, health and finance and digital service providers, such as online marketplaces, search engines and cloud services. Any disruption to the services provided by essential operators poses a severe risk to society and the economy and therefore the requirements will be stronger for such operators than for digital service providers. Each member state will also be required to designate one or more national authorities and lay down a strategy to deal with cyber threats.
The NIS Directive will now be published in the OJ and will enter into force on the twentieth day after publication. The EU member states will then have 21 months to transpose the NIS Directive into their national laws and six further months to identify operators of essential services.
For further information, please see the European Parliament press release.