Tag Archives: Network and Information Security (NIS) Directive

NIS Directive to be implemented in UK despite Brexit

In January, the UK government confirmed that it will be implementing the EU’s Network and Information Security Directive (NIS Directive) regardless of Brexit. EU countries have until 9 May 2018 to implement the Directive into their national laws. Given Brexit, the UK government confirmed in its Cyber Security Regulation and Incentives Review that details of the … Continue Reading

The Network and Information Security Directive: Serious Cyber Attacks Will Require Notification

The Council of the European Union adopted the EU Network and Information Security (NIS) Directive (the ‘Directive’) 17 May, ready for final adoption by the European Parliament. The Directive, initially proposed in 2013, has been progressing through the EU legislative procedure for some time. As we reported in December last year, the Directive covers the … Continue Reading

A New EU Era of Cybersecurity on the Horizon

After almost three years, consensus has been finally reached on the text of the Network and Information Security (“NIS”) Directive, the first-ever, EU-wide cyber security regulation. The NIS Directive (or Cybersecurity Directive) lays down baseline cybersecurity and mandatory breach reporting obligations on critical infrastructure operators and digital service providers across the EU. The Directive also … Continue Reading

Germany passes new cyber-security law

On 25 July 2015 in Germany, the new IT Security Act entered into force. The law aims to improve IT security in companies and public bodies, especially in the field of critical infrastructure, thus stipulating minimum security standards and reporting obligations for operators and providers of communication systems. The law will affect institutions listed as … Continue Reading

Tech giants caught between EU disagreements on scope of Proposed Network and Information Security Directive

U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to … Continue Reading

European Commission releases communication on building a data-driven economy, calling for a rapid conclusion to data-protection reform

In July, the European Commission (‘Commission’) published a communication titled “Towards a thriving data-driven economy” (‘Communication’), setting out the conditions that it believes are needed to establish a single market for big data and cloud computing. The Communication recognizes that the current legal environment is overly complex, creating “entry barriers to SMEs and [stifling] innovation.” … Continue Reading

The EU Cyber Security Directive: Latest Developments

The Cyber Security Directive (formally known as the Network & Information Security Directive) (the Directive) was considered by the European Parliament (the Parliament) in March. After a first reading of the Directive, MEPs voted strongly in favour of its progression to the next stage of the legislative process. This will involve negotiations between the European … Continue Reading

LIBE Publishes Amendments to Draft Proposal for a Network and Information Security Directive

The Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament has published the latest draft of the proposed Network and Information Security (NIS) Directive (the ‘Directive’) following a series of amendments by MEPs. The proposal for the Directive was first published by the European Commission 7 February 2013 as part of … Continue Reading

Department for Business, Innovation & Skills Publishes Impact Assessment for European Commission Proposed Cybersecurity Directive

The UK Government Department for Business, Innovation and Skills (BIS) has issued an impact assessment (IA) at the end of September on the draft Network and Information Security Directive (the Directive) proposed by the European Commission on 7 February 2013. The Directive aims to achieve a common high level of network and information security across … Continue Reading

UK ICO criticises elements of the proposed EU cybersecurity Directive

Last month, the Information Commissioner’s Office (ICO) published a response to the government’s call for views and evidence on the draft EU Directive on Network and Information Security (NIS Directive). The ICO’s criticism stemmed from its experience with mandatory data breach notifications from the telecoms sector and included suggestions for modifying the proposed NIS Directive. … Continue Reading

European Network and Information Security Agency (ENISA) publish report on the cybersecurity threat landscape.

The European Network and Information Security Agency (“ENISA”) has published its first independent overview of how the cyberthreat landscape has evolved over the past few years. The report identifies the most common and dangerous cyberthreats, the methods used by malicious users and potential avoidance measures for web users. ENISA’s findings have ramifications from both an … Continue Reading

The UK Financial Services Authority is heading up a cybersecurity review of 30 major financial institutions

On Monday, 11 February, Greg Clark, Financial Secretary to the UK Treasury, announced in the House of Commons that the Financial Services Authority (“FSA”) will head up a new government benchmarking scheme regarding cybersecurity for the UK financial services sector. The financial sector is coming under increased scrutiny in recent months with the European Central … Continue Reading

EU Proposed Directive on Network and Information Security

On 7 February, the European Commission published an EU Cyber Security Strategy encompassing a proposed Directive on Network and Information Security. The aim of the Strategy and Directive is to ensure a secure and trustworthy digital environment while promoting and protecting fundamental rights, including data protection, democracy and the rule of law. The proposed NIS … Continue Reading
LexBlog