Under Directive (EU) 2016/1148 on Security of Network and Information Systems (the “NIS Directive”), identified operators of essential services will have to take appropriate security measures and to notify serious cyber incidents to the relevant national authority. This report provides an overview of how Member States have identified operators of essential services. It assesses whether the methodologies for identifying such operators are consistent across Member States.
