Revision of the NIS Directive

Revision of the NIS Directive

The NIS Directive has been instrumental in increasing the cyber-resilience of the EU. As the first piece of legislation concerning EU-wide cybersecurity, the NIS Directive is the acknowledgment that incidents in one Member State can have significant cross-border impacts, hence requiring a common level of cybersecurity throughout the EU. The revision of the NIS Directive, together with the other EU cybersecurity initiatives, is an opportunity to foster Europe’s Digital Sovereignty.

The deadline for transposition of the NIS Directive dates back from two years ago -9 May 2018- but there are already elements pointing towards a need for amendments. This is the case for the identification process of Operators of Essential Services (OES), but also the lack of identification of Digital Service Providers (DSPs). There are also vital sectors for society which are currently not included in the NIS Directive (eGovernment, telecommunications etc.). Finally, compliance with the NIS security requirements would be strongly enhanced with a mandatory certification of security products used by OES and DSPs.  

Eurosmart calls for a revision of the NIS Directive that would repeal the current Directive and lead to the adoption of a NIS Regulation. The adoption of a regulation would foster harmonisation across the EU and hence resolve fragmentation issues, such as different sets of security requirements and diverging identification methods.

However, the functioning of the NIS cooperation group should be maintained. In addition, the decisions and technical documents of the NIS cooperation group should be translated into legally binding documents.