On July 6, the European Union (EU) approved cybersecurity rules that will require certain businesses, including those in financial service and digital service providers, to maintain security and report cybersecurity incidents. The new laws, referred to as the Network and Information Security (NIS) Directive, are intended to establish “harmonized” security and reporting requirements for “operators of essential services,” which EU member states will identify based on certain criteria, such as whether the service is “critical for society and the economy and whether an incident would have significant disruptive effects on the provision of that service.” Certain digital service providers, such as online marketplaces, search engines, and cloud services, will also have to maintain security measures and report major incidents. The requirements are “lighter for these providers.” The NIS Directive will become effective on the twentieth day after publication in the EU Official Journal; member states “will have 21 months to transpose the directive into their national laws and six additional months to identify operators of essential services.”
Register now for your free, tailored, daily legal newsfeed service.
Questions? Please contact email@example.comRegister
European Union approves cybersecurity rules
If you would like to learn how Lexology can drive your content marketing strategy forward, please email firstname.lastname@example.org.
Related topic hubs
Bed Bath & Beyond Inc
"I am a regular reader of Lexology, as are a few of my colleagues. I find the email newsfeed useful and of good quality, and in some cases directly on point with issues of concern to the company. It is important to stay current with legal developments, and the articles are a great aid toward this goal. The ability to access the articles without cost is critical and I hope Lexology continues with the good work."