As part of the EU Cybersecurity Strategy, the European Commission proposed the EU Network and Information Security Directive. Genesis, status, and key aspects: what is the NIS Directive? Under the directive, member states are required to. The European Union Agency for Cybersecurity (self-designation ENISA, from the abbreviation of its original name) is an agency of the European Union. EU Directive on Network and Information Security (NIS). Timelines set for EU directive on network and information. Jul 07, 2016: On July 6, 2016, the European Parliament adopted the Directive on Security of Network and Information Systems, which will come into force in August 2016.
Efforts to coordinate and enhance cybersecurity across the European Union (EU) have taken a step forward with the publication on 19 July 2016 of the new Network and Information Security Directive 2016/1148/EU (the Directive) in the Official. The NIS Directive seeks to achieve a high common level of security of network and information systems throughout the EU by taking a three-pronged approach. The Directive on Security of Network and Information Systems. Deloitte Luxembourg: first analysis of the EU Network and Information Security (NIS) Directive. The National Institute of Standards and Technology (NIST) information security related publications are. These regulations implement Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union, OJ No L194, 19.
As if business leaders really needed another reason to look again at cyber security, they're about to get one in the form of the Network and Information Security Directive (NISD), which was agreed on the 8th December in Europe and is expected to come into force in the first half of 2016. The NIS Directive on network and information systems security. May 20, 2016: Background: On 17 May, 2016 the Council of the European Union, which comprises representatives of the member states' national governments, formally adopted the Network and Information Security Directive directive. Network security entails protecting the usability, reliability, integrity, and safety of network and data. Apr 15, 2020: The Directive on Security of Network and Information Systems (the NIS Directive) was adopted by the European Parliament on 6 July 2016 and entered into force in August 2016. Deloitte Solutions is a regulated entity with a support PSF status, and a reliable partner for your global.
The Network and Information Security Directive in the. Directive on Network and Information Security: Gustav Kalbe, Deputy Head of Unit, Trust and Security, DG Communications Networks, Content and Technology. The Directive on Security of Network and Information Systems (NIS Directive) is the first piece of cybersecurity legislation passed by the European Union (EU). ENISA has been supporting the organization of the Cyber Europe pan-European cybersecurity exercises since 2010. The EU Directive on Security of Network and Information Systems.
The Network and Information Security (NIS) Directive aims to achieve a high common level of security of networks and information systems within the European Union. The EU's NIS Directive (Directive on Security of Network and Information Systems) is the first piece of EU-wide cyber security legislation. Jan 07, 2016: Political agreement on the draft Network and Information Security (NIS) Directive, which could still be amended, was reached by MEPs and representatives of EU governments in early December. It aims to achieve a high common level of network and information system security across the EU's critical infrastructure.
Working with the EU directive: high common level of. In the UK this would likely be some branch of the security services e. Security of Network and Information Systems: Public Consultation, August 2017, Department for Digital, Culture, Media and Sport. Final. Contents. The new Network and Information Security Directive was initiated under the 20 EU Cybersecurity Strategy and announced by the European Commission in the Digital Single Market Strategy. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. The European Parliament and the Council of the European Union. Improved cybersecurity capabilities at national level. Directive on Security of Network and Information Systems. As we summarised in this post, if enacted in its current form, the. The NIS Directive was enacted in UK law as the Network and Information Systems. Xavier Bettel, Luxembourg's Prime Minister and Minister for Communications and the Media, and President of the Council, said. Network and Information Security Directive: Privacy Matters. Subsequently, the critical role of ENISA in implementing the directive. ENISA ultimately strives to serve as a centre of expertise for both member states and EU institutions to seek advice on matters related to network and information security. The NIS Directive aims to achieve a high common level of security of networks and information systems within the EU.
The Directive on Security of Network and Information Systems (the NIS Directive) was adopted by the European Parliament on 6 July 2016 and entered into force in August 2016. The Directive on Security of Network and Information Systems (NIS Directive) represents the first EU-wide rules on cybersecurity. This was accompanied by a cyber security strategy that contains non. Directive 2016/1148 on security of network and information systems (the NIS Directive) is the first horizontal legislation undertaken at European Union (EU) level for the protection of network and information systems across the Union. EU Council adopts the Network and Information Security Directive. In our recent data breach article, we discussed the need for businesses to consider both their Payment Card Industry Data Security Standard (PCI DSS) and legal obligations when planning for security incidents and data breach reporting. May 22, 20: The European Commission published a proposal for a directive for network and information security on 7 February 20. The NIS Directive is part of the European Commission's cybersecurity strategy for the European Union, and is designed to increase cooperation between EU member states on cybersecurity issues. Directive 2016/1148 on security of network and information systems, the NIS. Agreement reached on the Network and Information Security (NIS). Security requirements for operators of essential services. The Directive on Security of Network and Information Systems (NIS Directive) is the first piece of EU-wide legislation on cybersecurity providing some minimum standards. Jan 03, 2019: Network Information Security Directive. Improved cybersecurity capabilities at national level.
The Network and Information Security Directive: ENISA's. What the Network and Information Security Directive. The Network and Information Security Directive: who is in. EU Council adopts the Network and Information Security. In addition, the NIS Directive establishes a network of CSIRTs in which each member state CSIRT must participate.
The Network and Information Security (NIS) Directive is an EU directive around the cyber security of critical infrastructure and. This will be achieved by requiring the member states to increase their. The Directive on Security of Network and Information Systems (NIS). The goal is to enhance cybersecurity across the EU. Following the Directive 2002/21/EC on a common regulatory framework for electronic communications networks and services. While the NIS Directive is intended to achieve a high common level of network and information security across the EU, it does not provide an overly prescriptive cybersecurity regime or protocol. All about the Network and Information Systems Directive. By Mark Young and Oliver Grazebrook. The Irish Presidency of the Council of the EU has published a progress report on negotiations at member state level on the EU Cybersecurity Strategy and proposed EU Directive on Network and Information Security (NIS Directive). The NIS Directive was adopted in 2016 and subsequently, because it is an EU directive, every EU member state has started to. The NIS Directive is the first piece of EU-wide legislation on cybersecurity.
May 18, 2016: On May 17, 2016, the European Council adopted its position at first reading of the Network and Information Security Directive (the NIS Directive). Network and Information Security Directive update. This is a past event. This briefing event will include an update from the Department for Culture, Media and Sport (DCMS) on the negotiation process for the Network and Information Security Directive (NIS) and will be a chance for affected companies to talk to DCMS about the directive. Pearse Ryan, Paddy Buckenham and Niall Donnelly give a full account of the proposals for the pending cybersecurity directive and the latest developments affecting it, and wonder whether it is possible to legislate for cybersecurity. After more than two years of negotiation, the European Council reached an informal agreement with the Parliament on December 7th 2015, and the agreed final compromise text was. Network security is not only concerned about the security of the computers at each end of the communication chain. The agency is located in Athens, Greece and has a second office in Heraklion, Greece. ENISA was created in 2004 by EU Regulation No 460/2004 under the name of European Network and Information. Network and Information Systems (NIS) Directive: tombrett. Agreement reached on EU Network and Information Security. Put in place a national framework to support and promote the security of network and. The recent adoption of new directives on information and network. The Network and Information Security Directive (aka NIS Directive or Cybersecurity Directive) is proposed legislation by the European Commission. What cybersecurity standards are imposed by the NIS Directive? The NIS Directive was proposed by the European Commission on February 7, 20, as part of its cybersecurity strategy for the European Union, and is designed to increase cooperation between EU member states on cybersecurity issues.
This approval comes after the directive was significantly amended by the Parliament's Internal Market and Consumer Protection Committee (IMCO). During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. Florent Frederix, Trust and Security Unit, DG Communications Networks, Content and Technology, European Commission. Cybersecurity4Rail conference, October 4, 2017, Hotel Thon, Brussels. TSA may amend the security directive based on comments received.
The Directive on Security of Network and Information Systems (NIS), that precedes GDPR, will come into effect on May 10, 2018. CSIRTs are national bodies to be established under the directive that will monitor and respond to security incidents at the national level and coordinate on security incidents that. On May 17, 2016, the European Council adopted its position at first reading of the Network and Information Security Directive (the NIS Directive). European Parliament adopts Directive on Security of Network. Network and Information Security (NIS) Directive: Inside Privacy. The NIS Directive (see EU 2016/1148) is the first piece of EU-wide cybersecurity legislation. This might include additional contingency capability such as manual. The European Commission published a proposal for a directive for network and information security on 7 February 20. The Network and Information Security (NIS) Directive. The Network and Information Systems Regulations 2018. Member states have to transpose the directive into their national laws by 9 May 2018 and identify operators of essential services by 9 November 2018. The NIS Directive was adopted by the European Parliament on 6 July 2016.
Working with the EU directive: high common level of network. The aim of the proposed directive is to ensure a high common level of network and information security (NIS). Directive on Security of Network and Information Systems (NIS Directive). This means improving the security of the internet and the private networks and information systems underpinning the functioning of our societies and economies. The EU Directive on Security of Network and Information Systems (NIS Directive): the NIS Directive is the first piece of EU-wide legislation on cybersecurity. European Parliament adopts Directive on Security of. Mar 16, 2015: The Directive on Security of Network and Information Systems (the NIS Directive) was adopted by the European Parliament on 6 July 2016.
Agreement reached on new EU Network Information Security (NIS) Directive. Network and Information Security (NIS) Directive: Inside. Directive on Security of Network and Information Systems (NIS) Dr. We recommend that you read the draft EU Directive on Network and Information Security published 7th February 20 before submitting evidence on this call. Oettinger, have issued a statement at this occasion. What is the NIS Directive and when will it come into force? The NIS Directive entered into force in July 2016 and needed to be implemented by May 2018. This European directive aims at creating equivalent rules in the European Union member states to secure networks and information systems. Having regard to the state of the art, those measures. It provides legal measures to boost the overall level of cybersecurity in the EU. Agreement reached on EU Network and Information Security (NIS). Directive 2016/1148, the NIS or Network and Information Security Directive, was adopted on 6 July 2016 by the Parliament and the Council of the European Union to fill the numerous existing cyber security gaps.
Security of Network and Information Systems: Government Response to Public Consultation, January 2018, Department for Digital, Culture, Media and Sport. Final. Contents. The directive was adopted on July 6, 2016 and its aim is to achieve a high common standard of network and information security across all EU member states. The directive sets out security obligations for certain types of organisations and also includes a security incident reporting requirement. Security requirement (OES): appropriate and proportional technical and organisational measures to manage the risks posed to the security of networks and information systems which they use in their operations. The Directive on Security of Network and Information Systems (the NIS Directive) was adopted by the European Parliament on 6 July 2016. Background: On 17 May, 2016 the Council of the European Union, which comprises representatives of the member states' national governments, formally adopted the Network and Information Security Directive directive. NIS Directive, is the first piece of EU-wide legislation on cybersecurity providing.
Aug 08, 2016: In this article we discuss the recently published EU Directive on Network and Information Security (NIS Directive). Timelines set for EU Directive on Network and Information Security. Directive on Security of Network and Information Systems (NIS). Member states can always adopt a higher level of security. Submission of a comment does not delay the effective date of the security directive. Interim guidance for operators of essential services in. It aims to create a single competent authority in each member state to deal with information security issues. The directive will enter into force in August 2016. In this article we discuss the recently published EU Directive on Network and Information Security (NIS). The Network and Information Security Directive is the European Commission's proposed directive concerning measures to ensure a high common level of network and information security across the EU. With respect to the manual responses only 12 were used though. The objective of the directive is to achieve a high common level of security of network and information systems within the EU, by means of.
NISD: Networking and Information Systems (NIS) Directive. European Commission Vice-President Andrus Ansip, responsible for the Digital Single Market, and Commissioner Gunther H. Network and Information Security Directive: org wiki. The EU Directive on Security of Network and Information. It covers all operations including the security, integrity and resilience of network and information systems. Having regard to the state of the art, those measures shall ensure a level of security of network and information systems appropriate to the risk posed. As the European Union braces for some shelling with its GDPR cannon, there's something for the digital service providers and businesses, especially those in online operations, as well. In order to promote advanced security of network and information systems, the Cooperation Group should, where appropriate, cooperate with relevant Union institutions, bodies, offices and agencies, to exchange know-how and best practice, and to provide advice on security aspects of network and information systems that might have an impact on. EU Directive on Network and Information Security (NIS Directive). The directive aims to create an even standard for network and data security for all member states. Directive on Security of Network and Information Systems, the first EU-wide legislation on cybersecurity. Brussels, 4 May 2018. European Commission fact sheet. 9 May is the deadline for the member states to transpose into national laws the directive on. The Security of Network and Information Systems Directive (known as the NIS Directive) provides legal measures to protect essential services and infrastructure by improving the security of their network and information systems.