On July 6, 2016, the European Parliament adopted the NIS Directive. The NIS Directive will enter into force August 2016 and the EU Member States will have 21 months (until May 2018) to implement the NIS Directive into their national laws. The NIS Directive sets a minimum level of cybersecurity measures for so-called operators of essential services and for digital service providers in all EU Member States. Among other things, operators of essential services and digital service providers will have to provide for appropriate and necessary measures to prevent and defend against cyber attacks, and will have to report significant cyber incidents. In 2013, the Commission started the legislative process with its proposal of a NIS Directive to impose a common level of network and information security in the EU. To read more about the NIS Directive as an important legal instrument on cybersecurity, its scope of application, and the legal conditions to be transposed into national laws, please see our previous GT Alert, EU Network and Information Security Directive Expected to Enter into Force August 2016: Will Your EU Operations be Affected?