The EU’s institutions reached a political agreement on the first EU-wide legislation on cybersecurity in order to strengthen network and information security (NIS) across the EU.
Under the NIS directive, operators of essential services (such as energy, transport, finance and health) and digital service providers will need to inform national authorities about major security incidents. However, different requirements will be imposed to the two categories.
These requirements will be stronger for operators than for providers of digital services. This reflects the degree of risk that significant disruptive effects could have on public safety.
The EU Parliament is expected to approve the agreement on December 17 and the Council the following day. Then, member states will have 21 months from the directive's entry into force to adopt the necessary national provisions.