According to this proposal:
- Member States will have to put in place a minimum level of national capabilities by establishing NIS national competent authorities, by setting up well-functioning Computer Emergency Response Teams (CERTs), and by adopting national NIS strategies and national NIS cooperation plans;
- NIS national competent authorities will have to exchange information and to cooperate so as to counter NIS threats and incidents;
- operators of critical infrastructure (such as energy, transport, banking, stock exchange, healthcare), key Internet enablers (e-commerce platforms, social networks, etc) and public administrations will be required to assess the risks they face and to adopt appropriate and proportionate measures to ensure NIS. These entities will also be required to report to competent authorities incidents with a significant impact on core services provided.