On 12 September 2014, the European Central Bank (ECB) published an opinion on the European Commission's proposed Directive concerning measures to ensure a high common level of network and information security (NIS) across the EU (Cyber-Security Directive).
The ECB generally supports the aim of the proposed Directive. However, it makes a number of observations, including the following:
- The proposed Directive should be without prejudice to the existing regime for the Eurosystem’s oversight of payment and settlement systems, which includes appropriate NIS arrangements. The ECB has a particular interest in enhanced security in payment and settlement systems to promote the smooth operation of payment systems and help maintain confidence in the euro and the functioning of the EU economy;
- The assessment of security arrangements and incident notifications for payment and settlement systems and payment service providers is one of the core competencies of prudential supervisors and central banks. Responsibility for developing oversight requirements in the payment and settlement areas should remain with these authorities, and should not be subject to potentially conflicting requirements imposed by other national authorities; and
- Provisions in the proposed Directive should not prejudice the standards in other pieces of EU legislation, particularly in European Markets Infrastructure Regulation. Also, provisions should not interfere with the tasks of the European Banking Authority, the European Securities and Markets Authority or any other prudential supervisor