About this initiative

Full title

COMMISSION IMPLEMENTING REGULATION (EU) …/... laying down rules for application of Directive (EU) 2016/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact

Directorate-General for Communications Networks, Content and Technology
Download (191.1 KB - PDF - 7 pages)

Give your feedback

Feedback period
13 September 2017 - 11 October 2017
Feedback status: Closed

The Commission would like to hear your views.

All feedback

Subscribe to receive notifications

Get notified by e-mail when new initiatives are added.
If you already have an account please log in.
Otherwise create an account using the Register button below.

Recent feedback

  • VNO-NCW (Netherlands)
    11 October 2017 Business association
    VNO-NCW (Netherlands)

    VNO-NCW welcomes the possibility to comment on the draft Commission Implementing Regulation laying down rules that concern the security and notification obligations of digital service providers (DSPs). VNO-NCW supports the objectives of the NIS directive to ensure a high common level of network and information security across the EU. This is important to boost trust and to the smooth functioning of the internal market. The NIS directive makes...

  • Syntec Numérique (France)
    11 octobre 2017 Business association
    Syntec Numérique (France)

    Syntec Numérique est le syndicat professionnel français des entreprises de services du numérique, des éditeurs de logiciels et des sociétés de conseil en technologies. Il regroupe plus de 1 800 entreprises qui réalisent 80 % du chiffre d’affaires total du secteur (plus de 50Md€ de chiffre d’affaires, 427 000 employés dans le secteur). Syntec Numérique contribue à la promotion et à la croissance du numérique à travers le développement de l...

  • IBM (United Kingdom)
    11 October 2017 Company/business organisation
    IBM (United Kingdom)

    Duplicate reporting requirements when a Data Services Provider is providing services to an Operator of Essential Services - As currently described, a DSP outage which only impacts an OES will have to be reported by both the OES and the DSP. We believe this duplicate reporting is unnecessary and risks creating confusion. As a DSP, we cannot imagine a situation where we would not know that we are providing a service to an OES, either because...

  • Anonymous (Germany)
    11 October 2017 Company/business organisation
    Anonymous (Germany)

    Please see attached our feedback on the EC Draft Implementing Act for DSPs. Sincerely, Jan Neutze Director of Cybersecurity Policy EMEA Corporate External and Legal Affairs Microsoft

  • American Chamber of Commerce to the European Union (AmCham EU) (Belgium)
    11 October 2017 Business association
    American Chamber of Commerce to the European Union (AmCham EU) (Belgium)

    To avoid market fragmentation through nationally divergent standard compliance requirements, the implementing measure should explicitly reference ISO27001/27002, the NIST Cybersecurity Framework - which is rapidly becoming a global best practice - or similar, and internationally recognised frameworks which Digital Service Providers (DSPs) can certify against. To preserve the light-touch approach for DSPs and to avoid disproportionate...

  • GSMA (United Kingdom)
    11 October 2017 Company/business organisation
    GSMA (United Kingdom)

    The attached contribution represents the views of the GSMA. The GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 250 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organisations in adjacent industry sectors. The GSMA also produces industry-leading events such as Mobile World...

All feedback (19) >