|
The functioning of the NIS Directive is currently being evaluated by a consortium composed of CEPS, Wavestone and ICF. The evaluation will elaborate on the lessons learned from the implementation of the NIS Directive and identify persisting and emerging issues affecting the functioning of the Directive. It will feed into an Impact Assessment later this year.
The European Commission indicated in its 2020 Work Programme that the ongoing review of the directive shall be completed by the end of the year. A new legal act might be proposed following this evaluation.
According to the Inception Impact Assessment:
“At this preliminary stage of reflection, the Commission is considering the following possible policy options […]:
1) The baseline scenario used as a benchmark for the assessment of the policy options is the current situation including the expected evolution in the implementation of the NIS Directive.
2) Non-legislative measures could be considered as a stand-alone policy option aiming to support certain elements of the current Directive. In particular, guidelines could address less harmonised areas of the Directive such as the identification of operators of essential services with the purpose of avoiding significant inconsistencies in the application of provisions leading to fragmentation in the regulatory landscape.
3) A second option of regulatory intervention could consist in introducing targeted changes to the current NIS Directive with a view to clarifying certain provisions and improving harmonisation of the current rules. In particular, the Commission could propose to amend some definitions used for the purposes of the Directive, introduce more harmonised elements in the process of identification of operators of essential services, as well as expand the scope of the Directive with the aim to cover other sectors or services, which are equally essential for the functioning of the society and economy as the operators of essential services and the digital service providers in the scope of the current Directive.
4) Another policy option could be a legislative act that would repeal the NIS Directive, and that would aim to achieve a higher level of harmonisation and consistency by means of more detailed and precise rules. It would streamline to a large extent processes and requirements introduced by the NIS Directive framework and thus reduce significantly the fragmentation of the internal market. Furthermore, it would extend the scope of the Directive to other sectors or services not currently covered by the Directive while introducing new policy measures such as in the area of information sharing in order to meet better the needs for increased cybersecurity. “
The Impact Assessment will investigate the various policy options, including non-legislative measures and possible regulatory interventions, as well as a combination of the two.
Eurosmart has taken part in the previous workshops organised by CEPS, Wavestone and ICF to gather views from the stakeholders. Eurosmart will provide its views as part of this feedback period and will take part in the consultation process.
Next steps:
16 July: stakeholder workshop organised by CEPS, ICF and Wavestone
25 June-13 August: feedback period
Q3 2020: public consultation
Q4 2020: review completed, potential proposal for a new legal act
For any questions on this issue, do not hesitate to contact Camille Dornier: camille.dornier@eurosmart.com |
