Skip to main content
Shaping Europe’s digital future logo

Network and Information Security Directive: co-legislators agree on the first EU-wide legislation on cybersecurity

On 7th December 2015, the European Parliament and the Council reached an agreement on the Commission’s proposed measures to increase online security in the EU. The Network and Information Security (NIS) Directive is the first piece of European legislation on cybersecurity. Its provisions aim to make the online environment more trustworthy and, thus, to support the smooth functioning of the EU Digital Single Market.

The proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union was put forward by the European Commission in 2013. Two years later, the Parliament and the Council have agreed on a set of measures to boost the overall level of cybersecurity in the EU.

The new rules will:

  • improve cybersecurity capabilities in Member States
  • improve Member States' cooperation on cybersecurity
  • require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services like search engines and cloud computing, to take appropriate security measures and report incidents to the national authorities.

Following this political agreement, the text will have to be formally approved by the European Parliament and the Council. Upon publication of the adopted text in the Official Journal, the Member States will have 21 months to implement this Directive into their national laws and 6 months more to identify operators of essential services.

For more information, read the press release.

You can find here the original text of the Directive, as proposed in 2013. The new text will be available once adopted.