Network and Information Security (NIS) Directive

In August 2016, the European Parliament adopted the Network and Information Security (NIS) Directive as part of the EU’s push towards establishing a higher standard of cybersecurity for European organizations. Specifically, the NIS Directive is meant to ensure the security of essential services and utilities and of digital market industries, for business continuity and citizens’ safety. The NIS Directive requires operators and providers of services in these industries to adopt tougher cybersecurity solutions to counter modern and evolving cyberthreats. The Directive also calls for measures to minimize the impact of incidents, new notification procedures, and the establishment of national committees to oversee compliance and coordinate with other EU members.

It will cover the following critical sectors:

  • Energy
  • Transportation
  • Banking and finance
  • Healthcare
  • Water
  • Digital infrastructure

Digital service providers within its scope include:

  • Online marketplaces
  • Cloud computing services
  • Search engines

The Directive is meant to be transposed into national legislation by EU members; that is, each State will have its own distinct interpretation and can introduce new provisions into existing legislation or pass new laws.