Published: Mon, 16 January 2017
Over the past few years, the European Commission has adopted a series of measures to raise Europe’s preparedness to ward off cyber incidents. The NIS Directive is the first piece of EU-wide legislation on cybersecurity.
The Directive on security of network and information systems (the NIS Directive) was adopted by the European Parliament on 6 July 2016. European Commission Vice-President Andrus Ansip, responsible for the Digital Single Market, and Commissioner Günther H. Oettinger, have issued a statement at this occasion. The Directive will enter into force in August 2016. Member States will have 21 months to transpose the Directive into their national laws and 6 months more to identify operators of essential services.
In 2013 the Commission put forward a proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union. The NIS Directive provides legal measures to boost the overall level of cybersecurity in the EU by ensuring:
Strengthening Europe’s cyber resilience
In its Communication of 5 July 2016, the European Commission encourages Member States to make the most of NIS coordination mechanisms. Building on those, the Commission will propose how to enhance cross-border cooperation in case of a major cyber-incident. Given the speed with which the cybersecurity landscape is evolving, the Commission will also bring forward its evaluation of the European Union Agency for Network and Information Security (ENISA), which will possibly lead to the adoption a new mandate.
The Commission is also examining how to strengthen and streamline cybersecurity cooperation across different sectors of the economy, including in cybersecurity training and education.
Securing network and information systems in the EU is essential to keep the online economy running and to ensure prosperity. The European Union works on a number of fronts to ensure cybersecurity in Europe, from raising the capabilities of the Member States to implementing the international cooperation on cybersecurity and cybercrime.
The cybersecurity strategy for the European Union and the European Agenda on security provide the overall strategic framework for the EU initiatives on cybersecurity and cybercrime. The Digital Single Market Strategy also recognises the importance of trust and security. By completing the Digital Single Market, the EU could boost its economy by almost €415 billion per year and create hundreds of thousands of new jobs. But for new connected technologies and services to take off Europeans need trust and confidence.
What are the key objectives of the Commission in the field of cybersecurity?
The aim is to bring cybersecurity capabilities at the same level of development in all the EU Member States and ensure that exchanges of information and cooperation are efficient, including at cross-border level. In this area, the Directive on security of network and information systems (the NIS Directive) is the main instrument supporting Europe’s cyber resilience.
Europe needs to be more ambitious in nurturing its competitive advantage in the field of cybersecurity to ensure that European citizens, enterprises (including SMEs), public administrations have access to the latest digital security technology, which is interoperable, competitive, trustworthy and respects fundamental rights including the right to privacy. This should also help take advantage of the booming global cybersecurity market. To achieve this Europe needs to overcome the current cybersecurity market fragmentation and foster European cybersecurity industry. The Commission is working towards strengthening industrial capabilities in Europe.
The objective is to embed cybersecurity in the future EU policy initiatives from the start, in particular with regard to new technologies and emerging sectors such as connected cars, smart grids and the Internet of Things (loT).