Skip to main content
Shaping Europe’s digital future logo

Cybersecurity: Commission urges Belgium, Hungary and Romania to comply with their obligations regarding operators of essential services

The Commission decided today to send reasoned opinions to Belgium, Hungary and Romania regarding their failure to notify the Commission with information related to the identification of operators of essential services. The Commission, as set out in the Directive on security of network and information systems (NIS Directive (EU) 2016/1148) required this information to assess the consistency of approaches different Member States take when identifying operators of essential services. The deadline to submit the information was by 9 November 2018.

evocation of cybersecurity

Today's reasoned opinions follow the letters of formal notice sent by the Commission in July 2019 to all three countries. In the case of Belgium, the missing information includes the number of operators in several critical sectors such as energy, transport, health and drinking water supply and distribution, as well as information about existing thresholds to identify them (used in the identification process). Hungary needs to notify about the operators of essential services for the transport sector that are still missing, while Romania's authorities still need to notify about national measures allowing for the identification of operators, the number of operators of essential services and thresholds used in the identification process. Belgium, Hungary and Romania now have two months to take the necessary measures to comply; otherwise, the case may be referred to the Court of Justice of the EU.