The aim of the proposed Directive is to ensure a high common level of network and information security (NIS) across the EU. Ensuring NIS is vital to boost trust and to the smooth functioning of the EU internal market. Regulatory obligations are required to create a level playing field and close existing legislative loopholes.

According to this proposal:

  • Member States will have to put in place a minimum level of national capabilities by establishing NIS national competent authorities, by setting up well-functioning Computer Emergency Response Teams (CERTs), and by adopting national NIS strategies and national NIS cooperation plans;
  • NIS national competent authorities will have to exchange information and to cooperate so as to counter NIS threats and incidents;
  • operators of critical infrastructure (such as energy, transport, banking, stock exchange, healthcare), key Internet enablers (e-commerce platforms, social networks, etc) and public administrations will be required to assess the risks they face and to adopt appropriate and proportionate measures to ensure NIS. These entities will also be required to report to competent authorities incidents with a significant impact on core services provided.

Find the text of the Directive proposal here.
For more information on the Directive, you can check in the press release and the MEMO.