Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union

Author (Corporate) ,
Series Title
Series Details L 194, Pages 1-30
Publication Date 19/07/2016
Content Type , , ,


Directive (EU) 2016/1148 - adopted by the co-legislators on 6 July 2016 - setting out a number of measures aimed at boosting the level of security of network and information systems (NIS) to secure services vital to the economy and society across the European Union (EU). It is also known as NIS Directive.

Further information:

The Directive proposes a set of measures to enhance the level of security of network and information systems. It aims to ensure that EU Member States are well-prepared and are ready to handle and respond to cyberattacks through:

  • the designation of competent authorities,
  • the set-up of computer-security incident response teams (CSIRTs), and
  • the adoption of national cybersecurity strategies.

It also establishes EU-level cooperation both at strategic and technical level. Lastly, it introduces the obligation on essential-services providers and digital service providers to take the appropriate security measures and to notify the relevant national authorities about serious incidents.

The proposal for this Directive was tabled by the European Commission on 7 February 2013, alongside a Joint Communication on a European Cybersecurity Strategy. The European Parliament adopted its negotiating position in March 2014. The trilogue negotiations faced challenges and were re-launched in March 2015. A breakthrough was found in June and an informal agreement between the co-legislators on a compromise text was announced in December 2015. The Council of the European Union formally backed that text on 17 May 2016, followed by the European Parliament on 5 July. The co-legislators signed the Act on 6 July 2016, which was published in the Official Journal on 19 July 2016. The Directive entered into force in August 2016 as the first horizontal EU cybersecurity legal act.

Source Link
Related Links
Commentary and Analysis
EurActiv: Policy Briefs, November 2012: Cybersecurity: Protecting the digital economy
EUObserver: Opinion, 16/04/2015: Cyber space needs stronger rule of law
KPMG: Complying with the European NIS Directive (2019)
Deloitte: Developing cybersecurity capabilities for the EU NIS Directive (April 2020)
EPRS: Briefing, November 2020: Directive on security of network and information systems (NIS Directive)

EurActiv, 01/04/2015: Cyber security directive held up in face of ‘Wild West’ Internet
EurActiv, 29/05/2015: Member states see digital security as a national issue
EurActiv, 07/08/2015: New EU cybersecurity rules to hit US internet firms
EurActiv, 10/11/2015: Oettinger: Deal on cybersecurity directive close
EurActiv, 08/12/2015: EU lawmakers, countries agree on cybersecurity law
EUObserver, 08/12/2015: EU to force firms to report major cyber attacks
Politico, 08/12/2015: Negotiators strike deal on EU cybersecurity law
BBC News, 08/12/2015: Europe agrees response to cyber-attacks
EurActiv, 26/04/2016: Commission wants member states to trust each other more on cybersecurity
EurActiv, 06/06/2016: New EU digital laws could boost specialised cybersecurity insurance

EUR-Lex: COM(2013)48: Proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union
EUR-Lex: SWD(2013)31: Executive summary of the impact assessment
EUR-Lex: SWD(2013)32: Impact assessment
European Parliament: Legislative Observatory: Procedure File for Proposal on High common level of network and information security across the Union. NIS Directive
European Commission: The Directive on security of network and information systems (NIS Directive)
EU ENISA: Topics: NIS Directive
European Commission: Press Release, 07/02/2013: EU Cybersecurity plan to protect open internet and online freedom and opportunity
European Commission: Memo, 07/02/2013: Proposed Directive on Network and Information Security – frequently asked questions
European Commission: Remarks by EC Vice-President Neelie Kroes - Using cybersecurity to promote European values (7 February 2013)
European Commission: Remarks by High Representative Catherine Ashton at press conference on the launch of the EU's Cyber Security Strategy (7 February 2013)
European Commission: Remarks by EU Commissioner for Home Affairs Cecilia Malmström - Stepping up the fight against cybercriminals to secure a free and open Internet (7 February 2013)
European Commission: Statement, 13/03/2014: Great news for cyber security in the EU: The EP successfully votes through the Network & Information Security (NIS) directive
Council of the European Union: Press Release, 11/03/2015: Network and information security: presidency re-launches talks with EP
Council of the European Union: Press Release, 26/09/2015: Network and information security: breakthrough in talks with EP
European Parliament: Press Release, 07/12/2015: MEPs close deal with Council on first ever EU rules on cybersecurity
European Commission: Press Release, 08/12/2015: Commission welcomes agreement to make EU online environment more secure
Council of the European Union: Press Release, 08/12/2015: First EU-wide rules to improve cybersecurity: deal with EP
European Parliament: Headlines, 13/01/2016: Cyber security: "Without fair protection at European level, we will be in trouble"
European Parliament: Press Release, 14/01/2016: First-ever EU-wide cyber-security rules backed by Internal Market Committee
Council of the European Union: Press Release, 17/05/2016: EU-wide cybersecurity rules adopted by the Council
European Parliament: Headlines, 05/07/2016: Cyber security: new rules to protect Europe's infrastructure
European Parliament: Press Release, 06/07/2016: Cybersecurity: MEPs back rules to help vital services resist online threats
European Commission: Statement, 06/07/2016: Statement by Vice-President Ansip and Commissioner Oettinger welcoming the adoption of the first EU-wide rules on cybersecurity
European Commission: Memo, 06/07/2016: Directive on Security of Network and Information Systems

Subject Categories , ,
Subject Tags ,
International Organisations