The NIS Directive is the first piece of EU-wide legislation on cybersecurity. The aim is to bring cybersecurity capabilities at the same level of development in all the EU Member States and ensure that exchanges of information and cooperation are efficient, including at cross-border level.
Member States have established their trusted lists of supervised/accredited certification service providers, in a “human readable” form, and also a "machine processable" form which allowed for automated information retrieval.
The Commission noted that transposition of the Directive into the legislation of the Member States has met the need for the legal recognition of electronic signatures. It therefore considers that the Directive's objectives have been fulfilled and that no need for its revision has emerged at this stage. The Commission nonetheless plans to consult the Member States and relevant stakeholders to address a number of issues, particularly on interoperability problems, technical aspects and standardisation.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)