Implementation of the NIS directive

Authors:

  • Margarita Jaitner
  • Sofia Olsson

Publish date: 2019-02-07

Report number: FOI-R--4741--SE

Pages: 56

Written in: Swedish

Keywords:

  • NIS-directive
  • cybersecurity
  • the EU
  • critical infrastructure protection
  • incident reporting

Abstract

In July 2016, the European Parliament adopted the so-called NIS Directive in order to achieve a common high level of security in networks and information systems within the Union. The Directive covers providers of essential services in seven predefined sectors as well as digital services. The Directive, which came into force in May 2018, required inter alia that the Member States identify relevant essential services, establish processes to address the requirements of the Directive as well as adjust legislation where necessary. This study considers various aspects of the implementation of the Directive in four Member States: Estonia, the Netherlands, Great Britain and Germany. Both the integration of the Directive's requirements in the member states' national legislation and establishment of processes for e.g. incident reporting lie within the focus of this study. The study is based upon publicly available considerations regarding implementation held within the selected member states, legislative documents as well as documentation gathered at the NIS-Cooperation meetings, where a variety of aspects of the implementation of the Directive has been discussed.