The Commission launched a public consultation on the revision of the Directive on security of network and information systems (the NIS Directive). Since the current Directive entered into force in 2016, the cyber-threat landscape has been evolving quickly. The Commission now plans to kick-start the procedure for the revision of the NIS Directive, starting with a public consultation that aims to collect views on its implementation and on the impact of potential future changes.

logo of the public consultation

Executive Vice-President for A Europe Fit for the Digital Age, Margrethe Vestager, said:

As our daily lives and economies become increasingly dependent on digital solutions, we need a culture of state of the art security across vital sectors that rely on information and communication technologies.”

Vice-President for Promoting our European Way of Life, Margaritis Schinas, said:

The review of the Network and Information Systems Directive is an integral part of our forthcoming EU Security Union Strategy that will provide an EU coordinated and horizontal approach to security challenges.

Commissioner for Internal Market, Thierry Breton, said:

The coronavirus crisis has highlighted how important it is to ensure the resilience of our network infrastructure, in particular in sensitive sectors such as health. This consultation is an opportunity for stakeholders to inform the Commission on the state of the cybersecurity preparedness of companies and organisations and to propose ways to further improve it.

Since its adoption, the NIS Directive has ensured that Member States are better prepared for cyber incidents and have increased their cooperation through the NIS Cooperation Group. It obliges companies that provide essential services in vital sectors, namely in energy, transport, banking, financial market infrastructures, health, water supply and distribution and digital infrastructure, as well key digital service providers, such as search engines, cloud computing services or online marketplaces, to protect their information technology systems and report major cybersecurity incidents to the national authorities.

The consultation, which will be open until 2 October 2020, seeks opinions and experiences from all interested stakeholders and citizens.

Contribute to the consultation