The proposed Directive is aimed at improving cyber security across the EU by establishing minimum security standards for organisations which provide key infrastructure (such as energy, transport, banking, health and agriculture) and internet services (for example cloud computing and ecommerce platforms, search engines and social media networks) and also implementing more robust reporting obligations in the event of a security breach.
To achieve this objective, the proposed Directive seeks to:
• establish a minimum common level of NIS incidents, which will involve EU Member States adopting a NIS strategy and designating a national NIS competent authority with adequate resources to prevent, handle and respond to risks and incidents;
• improve cooperation between Member States to combat cross-border threats. This will require the creation of cooperation mechanisms and information-sharing through a secure infrastructure;
• impose minimum security standards and notification obligations in the event of a security breach. These obligations will require critical infrastructure operators, enablers of information society services, and public administrations to guarantee a level of security appropriate to the NIS risks posed and to notify the competent NIS authority of incidents which have an impact on the security of their core services.
The proposed Directive also provides that Member States will set out sanctions which are “effective, proportionate and dissuasive” to ensure compliance with these obligations.
The NIS Directive was proposed by the European Commission in February 2013 as part of its cybersecurity strategy for the European Union.