Directive on security of network and information systems (NIS Directive)

Briefing 10-11-2020

Directive on security of network and information systems across the Union (Directive (EU) 2016/1148, NIS Directive) is the first horizontal EU cybersecurity legal act, which will be reviewed in 2020 with the aim to increase cybersecurity in the EU. The NIS Directive entered into force in August 2016 and Members States transposed it into national laws by 9 May 2018. The NIS Directive was designed to improve Member States' cybersecurity capabilities; the cooperation between Member States; and Member States' supervision of critical sectors. The Directive established a culture of risk management and incident reporting among key economic actors - operators providing essential services (OES) and Digital Service Providers (DSPs). The Directive also set out cooperation mechanisms, such as the NIS Cooperation Group and the network of national computer security incident response teams (CSIRTs).