Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union

Author (Corporate) ,
Series Title
Series Details L 194, Pages 1-30
Publication Date 19/07/2016
Content Type , , ,

Summary:

Directive (EU) 2016/1148 - adopted by the co-legislators on 6 July 2016 - setting out a number of measures aimed at boosting the level of security of network and information systems (NIS) to secure services vital to the economy and society across the European Union (EU). It is also known as NIS Directive.

Further information:

The Directive proposes a set of measures to enhance the level of security of network and information systems. It aims to ensure that EU Member States are well-prepared and are ready to handle and respond to cyberattacks through:

  • the designation of competent authorities,
  • the set-up of computer-security incident response teams (CSIRTs), and
  • the adoption of national cybersecurity strategies.

It also establishes EU-level cooperation both at strategic and technical level. Lastly, it introduces the obligation on essential-services providers and digital service providers to take the appropriate security measures and to notify the relevant national authorities about serious incidents.

The proposal for this Directive was tabled by the European Commission on 7 February 2013, alongside a Joint Communication on a European Cybersecurity Strategy. The European Parliament adopted its negotiating position in March 2014. The trilogue negotiations faced challenges and were re-launched in March 2015. A breakthrough was found in June and an informal agreement between the co-legislators on a compromise text was announced in December 2015. The Council of the European Union formally backed that text on 17 May 2016, followed by the European Parliament on 5 July. The co-legislators signed the Act on 6 July 2016, which was published in the Official Journal on 19 July 2016. The Directive entered into force in August 2016 as the first horizontal EU cybersecurity legal act.

Source Link http://data.europa.eu/eli/dir/2016/1148/oj
Related Link(s)
Commentary and Analysis
EurActiv: Policy Briefs, November 2012: Cybersecurity: Protecting the digital economy https://www.euractiv.com/section/digital/linksdossier/cybersecurity-protecting-the-digital-economy/
EUObserver: Opinion, 16/04/2015: Cyber space needs stronger rule of law https://euobserver.com/opinion/128342
KPMG: Complying with the European NIS Directive (2019) https://assets.kpmg/content/dam/kpmg/nl/pdf/2019/advisory/complying-with-the-eu-nis-directive.pdf
Deloitte: Developing cybersecurity capabilities for the EU NIS Directive (April 2020) https://www2.deloitte.com/content/dam/Deloitte/be/Documents/risk/Deloitte%20Belgium_Developing%20cybersecurity%20capabilities.pdf
EPRS: Briefing, November 2020: Directive on security of network and information systems (NIS Directive) https://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI(2020)654198

News
EurActiv, 01/04/2015: Cyber security directive held up in face of ‘Wild West’ Internet https://www.euractiv.com/section/digital/news/cyber-security-directive-held-up-in-face-of-wild-west-internet/
EurActiv, 29/05/2015: Member states see digital security as a national issue https://www.euractiv.com/section/digital/news/member-states-see-digital-security-as-a-national-issue/
EurActiv, 07/08/2015: New EU cybersecurity rules to hit US internet firms https://www.euractiv.com/section/digital/news/new-eu-cybersecurity-rules-to-hit-us-internet-firms/
EurActiv, 10/11/2015: Oettinger: Deal on cybersecurity directive close https://www.euractiv.com/section/digital/news/oettinger-deal-on-cybersecurity-directive-close/
EurActiv, 08/12/2015: EU lawmakers, countries agree on cybersecurity law https://www.euractiv.com/section/digital/news/eu-lawmakers-countries-agree-on-cybersecurity-law/
EUObserver, 08/12/2015: EU to force firms to report major cyber attacks https://euobserver.com/digital/131427
Politico, 08/12/2015: Negotiators strike deal on EU cybersecurity law https://www.politico.eu/article/negotiators-strike-deal-on-eu-cybersecurity-legislation/
BBC News, 08/12/2015: Europe agrees response to cyber-attacks https://www.bbc.co.uk/news/technology-35038424
EurActiv, 26/04/2016: Commission wants member states to trust each other more on cybersecurity https://www.euractiv.com/section/digital/news/commission-wants-member-states-to-trust-each-other-more-on-cybersecurity/
EurActiv, 06/06/2016: New EU digital laws could boost specialised cybersecurity insurance https://www.euractiv.com/section/digital/news/new-eu-digital-laws-could-boost-specialised-cybersecurity-insurance/

Official
EUR-Lex: COM(2013)48: Proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=COM:2013:048:FIN
EUR-Lex: SWD(2013)31: Executive summary of the impact assessment http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=SWD:2013:031:FIN
EUR-Lex: SWD(2013)32: Impact assessment http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=SWD:2013:032:FIN
European Parliament: Legislative Observatory: Procedure File for Proposal on High common level of network and information security across the Union. NIS Directive https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2013/0027(COD)
European Commission: The Directive on security of network and information systems (NIS Directive) https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive
EU ENISA: Topics: NIS Directive https://www.enisa.europa.eu/topics/nis-directive
European Commission: Press Release, 07/02/2013: EU Cybersecurity plan to protect open internet and online freedom and opportunity https://ec.europa.eu/commission/presscorner/detail/en/IP_13_94
European Commission: Memo, 07/02/2013: Proposed Directive on Network and Information Security – frequently asked questions https://ec.europa.eu/commission/presscorner/detail/en/MEMO_13_71
European Commission: Remarks by EC Vice-President Neelie Kroes - Using cybersecurity to promote European values (7 February 2013) https://ec.europa.eu/commission/presscorner/detail/en/SPEECH_13_104
European Commission: Remarks by High Representative Catherine Ashton at press conference on the launch of the EU's Cyber Security Strategy (7 February 2013) https://ec.europa.eu/commission/presscorner/detail/en/SPEECH_13_108
European Commission: Remarks by EU Commissioner for Home Affairs Cecilia Malmström - Stepping up the fight against cybercriminals to secure a free and open Internet (7 February 2013) https://ec.europa.eu/commission/presscorner/detail/en/SPEECH_13_105
European Commission: Statement, 13/03/2014: Great news for cyber security in the EU: The EP successfully votes through the Network & Information Security (NIS) directive https://ec.europa.eu/commission/presscorner/detail/en/STATEMENT_14_68
Council of the European Union: Press Release, 11/03/2015: Network and information security: presidency re-launches talks with EP https://www.consilium.europa.eu/en/press/press-releases/2015/03/11/network-information-security-presidency-re-launches-talks-with-ep/
Council of the European Union: Press Release, 26/09/2015: Network and information security: breakthrough in talks with EP https://www.consilium.europa.eu/en/press/press-releases/2015/06/29/network-information-security/
European Parliament: Press Release, 07/12/2015: MEPs close deal with Council on first ever EU rules on cybersecurity https://www.europarl.europa.eu/news/en/press-room/20151207IPR06449/
European Commission: Press Release, 08/12/2015: Commission welcomes agreement to make EU online environment more secure https://ec.europa.eu/commission/presscorner/detail/en/IP_15_6270
Council of the European Union: Press Release, 08/12/2015: First EU-wide rules to improve cybersecurity: deal with EP https://www.consilium.europa.eu/en/press/press-releases/2015/12/08/improve-cybersecurity/
European Parliament: Headlines, 13/01/2016: Cyber security: "Without fair protection at European level, we will be in trouble" https://www.europarl.europa.eu/news/en/headlines/economy/20160113STO09602/
European Parliament: Press Release, 14/01/2016: First-ever EU-wide cyber-security rules backed by Internal Market Committee https://www.europarl.europa.eu/news/en/press-room/20160114IPR09801
Council of the European Union: Press Release, 17/05/2016: EU-wide cybersecurity rules adopted by the Council https://www.consilium.europa.eu/en/press/press-releases/2016/05/17/wide-cybersecurity-rule-adopted/
European Parliament: Headlines, 05/07/2016: Cyber security: new rules to protect Europe's infrastructure https://www.europarl.europa.eu/news/en/headlines/security/20160701STO34371/
European Parliament: Press Release, 06/07/2016: Cybersecurity: MEPs back rules to help vital services resist online threats https://www.europarl.europa.eu/news/en/press-room/20160701IPR34481/
European Commission: Statement, 06/07/2016: Statement by Vice-President Ansip and Commissioner Oettinger welcoming the adoption of the first EU-wide rules on cybersecurity https://ec.europa.eu/commission/presscorner/detail/en/STATEMENT_16_2424
European Commission: Memo, 06/07/2016: Directive on Security of Network and Information Systems https://ec.europa.eu/commission/presscorner/detail/en/MEMO_16_2422

Subject Categories , ,
Subject Tags ,
Keywords
International Organisations