Go back to the Europarl portal

Choisissez la langue de votre document :

  • bg - български
  • es - español
  • cs - čeština
  • da - dansk
  • de - Deutsch
  • et - eesti keel
  • el - ελληνικά
  • en - English (Selected)
  • fr - français
  • ga - Gaeilge
  • hr - hrvatski
  • it - italiano
  • lv - latviešu valoda
  • lt - lietuvių kalba
  • hu - magyar
  • mt - Malti
  • nl - Nederlands
  • pl - polski
  • pt - português
  • ro - română
  • sk - slovenčina
  • sl - slovenščina
  • fi - suomi
  • sv - svenska
Parliamentary questions
PDF 40kWORD 18k
5 September 2019
Question for written answer P-002649-19
to the Commission
Rule 138
Ivo Hristov (S&D)

 Subject:  Implementation of the Network and Information Security Directive
 Answer in writing 

Directive (EU) 2016/1148 of the European Parliament and of the Council concerning measures for a high common level of security of network and information systems across the Union was adopted on 6 July 2016 and took effect in August of that year. The Member States were required to transpose it into their national legislation by 8 November 2018.

The directive requires the Member States to ensure that operators of essential services take appropriate measures to prevent, and to minimise the impact of, incidents affecting the security of network and information systems.

On 16 July 2019, it was revealed that the personal data of almost five million Bulgarian citizens, held by the National Revenue Agency, had been hacked in an unprecedented cyberattack. This prompts me to ask two questions.

1. Does the Commission know whether Bulgaria has transposed into national law and implemented the provisions of Directive (EU) 2016/1148?

2. Does the Commission consider that Bulgaria has complied with its obligations on security requirements and incident notification as set out in Article 14(1) and (2) and Article 16(1)(a) and (d) of the directive?

Original language of question: BG 
Last updated: 10 September 2019Legal notice - Privacy policy