In January, the UK government confirmed that it will be implementing the EU’s Network and Information Security Directive (NIS Directive) regardless of Brexit. EU countries have until 9 May 2018 to implement the Directive into their national laws. Given Brexit, the UK government confirmed in its Cyber Security Regulation and Incentives Review that details of the UK’s implementation of the NIS Directive will be released in 2017.
Continue Reading NIS Directive to be implemented in UK despite Brexit
Digital Service Providers
A New EU Era of Cybersecurity on the Horizon
After almost three years, consensus has been finally reached on the text of the Network and Information Security (“NIS”) Directive, the first-ever, EU-wide cyber security regulation. The NIS Directive (or Cybersecurity Directive) lays down baseline cybersecurity and mandatory breach reporting obligations on critical infrastructure operators and digital service providers across the EU.
The Directive also envisages a “strategic cooperation group”, with the aim of encouraging Member States to exchange information and best practices on cybersecurity breaches. In addition, Member States will be required to set up Computer Security Incident Response Teams (CSIRTs) to handle incidents and identify coordinated responses alongside the other Member States.
The announcement, which was made 7 December 2015, has been a long time coming. Work on the Directive first began in February 2013, and has since been under trilogue negotiations between the European Commission, Parliament and Council.
Continue Reading A New EU Era of Cybersecurity on the Horizon