The directive obliges companies providing basic services in vital sectors and providers of key digital services to protect their information systems and report cyber security incidents to national authorities.
The European Commission launched a public consultation on Tuesday, July 7, on the revision of the Network and Information Systems Security Directive (NIS Directive). Since the Directive came into force in 2016, the cyber security environment has changed significantly and new forms of threats have developed.
The European Commission is starting the revision of the NIS Directive with a public consultation aimed at gathering opinions on its implementation so far and the impact of possible future changes. The consultation will be open until October 2, 2020, and through this process the opinions and experiences of all interested stakeholders and citizens are sought.
“As our daily lives and the economy become increasingly dependent on digital solutions, we need a culture of superior security in vital sectors that rely on information and communication technologies,” said Margrethe Vestager, Executive Vice President of the European Commission.
European Commission Vice-President Margaritis Schinas emphasized that the revision of the Network and Information Systems Directive is an integral part of the European Union’s next security strategy, which will provide the EU with a coordinated and horizontal approach to security challenges.
“The coronavirus crisis has highlighted the importance of ensuring the resilience of our network infrastructure, especially in sensitive sectors such as health,” said Internal Market Commissioner Thierry Breton.
“This consultation is an opportunity for stakeholders to inform the Commission of the state of preparedness of cybersecurity companies and organizations and suggest ways to improve it.” Since its adoption, the NIS Directive has ensured that Member States are better prepared for cyber incidents and increased their cooperation through the NIS Cooperation Group.
The directive obliges companies providing basic services in vital sectors – energy, transport, banking, financial market infrastructure, healthcare, water supply and distribution and digital infrastructure – as well as key digital service providers such as browsers, cloud computing services or network services to protect their information systems and national authorities report major cyber security incidents.