On the 17th May last the European Union Council adopted the Network and Information Security (NIS) Directive, which is expected to be approved by the European Parliament in the summer and be published shortly thereafter.

The NIS Directive mirrors the equivalent cyber security legislation in the USA and provides for each EU member state to implement cyber security systems, take steps to reduce cyber-crime, support cyber technologies and defend the EU from the increase in cyber warfare.

Each member state will be required to develop Computer Emergency Response Teams (CERTs) as well as supporting the digital economy from cyber-attacks.

Businesses will need to understand the implications for them of the NIS Directive particularly regarding cyber security policies and procedures, training and liability arising from cyber-attacks.