In January, the UK government confirmed that it will be implementing the EU’s Network and Information Security Directive (NIS Directive) regardless of Brexit. EU countries have until 9 May 2018 to implement the Directive into their national laws. Given Brexit, the UK government confirmed in its Cyber Security Regulation and Incentives Review that details of the … Continue Reading
The Council of the European Union adopted the EU Network and Information Security (NIS) Directive (the ‘Directive’) 17 May, ready for final adoption by the European Parliament. The Directive, initially proposed in 2013, has been progressing through the EU legislative procedure for some time. As we reported in December last year, the Directive covers the … Continue Reading
After almost three years, consensus has been finally reached on the text of the Network and Information Security (“NIS”) Directive, the first-ever, EU-wide cyber security regulation. The NIS Directive (or Cybersecurity Directive) lays down baseline cybersecurity and mandatory breach reporting obligations on critical infrastructure operators and digital service providers across the EU. The Directive also … Continue Reading
On 25 July 2015 in Germany, the new IT Security Act entered into force. The law aims to improve IT security in companies and public bodies, especially in the field of critical infrastructure, thus stipulating minimum security standards and reporting obligations for operators and providers of communication systems. The law will affect institutions listed as … Continue Reading
U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to … Continue Reading
In July, the European Commission (‘Commission’) published a communication titled “Towards a thriving data-driven economy” (‘Communication’), setting out the conditions that it believes are needed to establish a single market for big data and cloud computing. The Communication recognizes that the current legal environment is overly complex, creating “entry barriers to SMEs and [stifling] innovation.” … Continue Reading
The Cyber Security Directive (formally known as the Network & Information Security Directive) (the Directive) was considered by the European Parliament (the Parliament) in March. After a first reading of the Directive, MEPs voted strongly in favour of its progression to the next stage of the legislative process. This will involve negotiations between the European … Continue Reading
The Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament has published the latest draft of the proposed Network and Information Security (NIS) Directive (the ‘Directive’) following a series of amendments by MEPs. The proposal for the Directive was first published by the European Commission 7 February 2013 as part of … Continue Reading
ENISA, the European Union Agency for Network and Information Security, has released a series of reports and guidance tackling the topic of cyber security. ENISA Threat Landscape (ETL) Report 2013 The report reviews more than 250 incidents of cyber attacks that took place in 2013. A table in the report analyses fluctuations in the top … Continue Reading
The UK Government Department for Business, Innovation and Skills (BIS) has issued an impact assessment (IA) at the end of September on the draft Network and Information Security Directive (the Directive) proposed by the European Commission on 7 February 2013. The Directive aims to achieve a common high level of network and information security across … Continue Reading
Last month, the Information Commissioner’s Office (ICO) published a response to the government’s call for views and evidence on the draft EU Directive on Network and Information Security (NIS Directive). The ICO’s criticism stemmed from its experience with mandatory data breach notifications from the telecoms sector and included suggestions for modifying the proposed NIS Directive. … Continue Reading
The European Network and Information Security Agency (“ENISA”) has published its first independent overview of how the cyberthreat landscape has evolved over the past few years. The report identifies the most common and dangerous cyberthreats, the methods used by malicious users and potential avoidance measures for web users. ENISA’s findings have ramifications from both an … Continue Reading
On Monday, 11 February, Greg Clark, Financial Secretary to the UK Treasury, announced in the House of Commons that the Financial Services Authority (“FSA”) will head up a new government benchmarking scheme regarding cybersecurity for the UK financial services sector. The financial sector is coming under increased scrutiny in recent months with the European Central … Continue Reading
On 7 February, the European Commission published an EU Cyber Security Strategy encompassing a proposed Directive on Network and Information Security. The aim of the Strategy and Directive is to ensure a secure and trustworthy digital environment while promoting and protecting fundamental rights, including data protection, democracy and the rule of law. The proposed NIS … Continue Reading