European Parliament formally adopts Cybersecurity Directive

On 6 July, 2016, the Network and Information Security directive (the “NIS Directive”) was adopted by the European Parliament at second reading. This follows on from formal adoption by the European Council on 17 May, 2016.

The NIS Directive was hailed by Andreas Schwab (the European Parliament’s rapporteur) as a “huge success and a big first step to establishing a comprehensive regulatory framework for platforms in the EU“. In addition, Members of the European Parliament stated that having harmonized cybersecurity standards and increased co-operation between Member States should help organisations protect themselves against cyber attacks and should also help to prevent attacks on Member States.

The key elements of the NIS Directive include:

a requirement for “operators of essential services” in critical infrastructure sectors (e.g. energy, transportation, healthcare and banking) and digital service providers (e.g. search engine operators, cloud computing services and ecommerce platforms) to implement appropriate technical and organisational measures to manage security risks and to notify the national competent authority of serious incidents;
the adoption by Member States of a national strategy to include policies and measures to maintain a level of network and information security;
the designation of a national competent authority to implement and enforce the NIS Directive and create Computer Security Incident Response Teams (“CSIRT“) responsible for investigating data security incidents and cybersecurity risks; and
the creation of a Cooperation Group to support and facilitate strategic cooperation and information exchange between Member States and a CSIRT Network to “promote swift and effective operational cooperation on specific cybersecurity incidents and sharing information about risks.”

The NIS Directive is expected to be published in the EU Official Journal very soon and will enter into force on the 20th day after its publication. Member States will then have 21 months (i.e. by April 2018) to transpose the provisions of the NIS Directive into national laws and an additional 6 months to formally identify their operators of essential service.

Register now for your free, tailored, daily legal newsfeed service.

European Parliament formally adopts Cybersecurity Directive
Blog Data Matters

Filed under

Topics

Organisations

Popular articles from this firm

UK/EU Investment Management Update (May 2023) *

European Parliament’s position on the AI act moots Significant Changes *

Clinical decision support software approach updated in the U.S. but still confused in Europe *

Proposal for EU Artificial Intelligence Act Passes Next Level - Where Do We Stand and What’s Next? *

May Antitrust Bulletin: Top-of-Mind Global Antitrust Issues *

More from Data Matters

UK Sets Out It’s “Pro-Innovation” Approach To AI Regulation

New EU Cyber Law for the Financial Services Industry with Significant Impact on ICT Service Providers

U.S. Department of Commerce Seeks Input on AI Policy, Calls Trustworthy AI an Important Federal Objective

Washington State Enacts My Health My Data Act, Broadly Regulating Health-Related Data With a Private Right of Action

Compliance Updates for Employer’s use of Automated Decisionmaking Tools: New York City Finalizes Rules on Automated Employment Decision Tools and Sets Enforcement Date for July 5, 2023, Upcoming California Regulations, and Federal Guidance

Related practical resources PRO

Related research hubs