After almost three years, consensus has finally been reached on the text of the Network and Information Security (“NIS”) Directive, the first-ever EU-wide cybersecurity regulation. The NIS Directive (or Cybersecurity Directive) imposes baseline cybersecurity and mandatory breach reporting obligations on critical infrastructure operators and digital service providers across the EU.
The Directive also envisages a “strategic cooperation group”, with the aim of encouraging Member States to exchange information and best practices on cybersecurity breaches. In addition, Member States will be required to set up Computer Security Incident Response Teams (CSIRTs) to handle incidents and identify coordinated responses alongside the other Member States.
The announcement, made on 7 December 2015, has been a long time coming. Work on the Directive first began in February 2013, and the text has since been in trilogue negotiations between the European Commission, Parliament and Council.