The European Parliament approved the Network and Information Security Directive, which imposes data security and incident reporting requirements on two categories of providers:  (1) “operators of essential services,” and (2) “digital service providers.”  It also creates various requirements for EU Member States aimed at increasing security and cooperation within the EU on cybersecurity issues, including prevention, management, and response to incidents.  The NIS Directive will enter into force 20 days after its publication in the Official Journal of the European Union, after which EU countries will have 21 months to adopt its provisions in their national laws and six months more to identify operators of essential services.