NIS Cooperation Group

About the NIS Cooperation Group

The Group's overall mission is to achieve a high common level of security for network and information systems in the European Union. It supports and facilitates the strategic cooperation and the exchange of information among EU Member States. The NIS Cooperation Group's tasks are explicitly described in Article 11 of the NIS Directive.

The NIS Cooperation Group functions according the European Commission Implementing Decision of 1 February 2017 and follows its own rules of procedure (.pdf).The European Commission serves as the secretariat of the Group. The Cooperation Group meets regularly. The European Commission publishes the agendas of all NIS Cooperation meetings.

On the operational side, the NIS Cooperation Group is supported by the work of the network of Computer Security Incident Response Teams (CSIRTs), dedicated to sharing information about risks and ongoing threats, and cooperating on specific cybersecurity incidents. The CSIRTs network was established under Article 12 of the NIS Directive, which also defines its role. The NIS Cooperation Group provides strategic guidance for the activities of the CSIRTs network.

The NIS Cooperation Group is also working closely with the European Cooperation Network on Elections to counter threats to electoral processes under a new joint operational mechanism set-up as a part of the European Democracy Action plan.

Members

The NIS Cooperation Group is composed of representatives of the EU Member States, the European Commission and the EU Agency for cybersecurity (ENISA). The Chairmanship is position is filled by the Member State holding the Presidency of the Council of the European Union (EU).

Every EU Member State has designated a single point of contact (.pdf) on the security of network and information systems that is responsible for ensuring cross-border cooperation with other Member States and with the Cooperation Group.

Publications

Among the key outputs of the NIS Cooperation Group, there are non-binding guidelines to the EU Members States to allow effective and coherent implementation of the NIS Directive across the EU and to address wider cybersecurity policy issues.

Since its establishment, the Group has published the following documents:

• Technical Guideline: Security Measures for Top-Level-Domain Name Registries (.pdf)

• Reference document on security measures for Operators of Essential Services (.pdf)

• Reference document on incident notification for Operators of Essential Services (circumstances of notification) (.pdf)

• Compendium on cyber security of election technology (.pdf)

• Cybersecurity incident taxonomy (.pdf)

• Guidelines on notification of Operators of Essential Services incidents (formats and procedures) (.pdf)

• Guidelines on notification of Digital Service Providers incidents (formats and procedures) (.pdf)

• Reference document on the identification of Operators of Essential Services (modalities of the consultation process in cases with cross-border impact) (.pdf)

• Guidelines for the Member States on voluntary information exchange on cross-border dependencies (.pdf)

• Sectorial implementation of the NIS Directive in the Energy sector (.pdf)

• Annual Report NIS Directive Incidents 2019 (.pdf)

• Synergies in Cybersecurity Incident Reporting (.pdf)

• Threats and risk management in the health sector under the NIS Directive (.pdf)

• Guidelines on implementing national Coordinated Vulnerability Disclosure (CVD) policies

• Compendium on Elections Cybersecurity and Resilience (2024 Updated Version)

The group has also published documents relating to the cybersecurity of 5G networks:

• a risk assessment of 5G networks (.pdf),
• a toolbox of risk mitigating measures (.pdf) for 5G networks
• Reports on the on Member States’ progress in implementing the toolbox: 1st report (.pdf) ; 2nd report (.pdf) 
• a report on the cybersecurity of Open RAN