Data Protection Report - Norton Rose Fulbright

The EU Network & Information Security Directive (NISD) (also known as the “Cyber Security Directive”) got one step closer to adoption today when, on May 17, 2016, the EU Council confirmed at first reading the agreement reached with the European Parliament in December 2015. To be enacted, the text must be approved by the European Parliament at second reading. A press release from the European Council states that the NISD is expected to enter into force in August 2016.

The NISD establishes minimum obligations for all Member States on the prevention of, handling of, and response to, risks and incidents affecting networks and information systems; creates a cooperation mechanism between Member States; and establishes security requirements for certain market operators and public administrations. The NISD will impose new security-related obligations on market operators providing “essential services” in a wide range of industries. Providers of digital services (online marketplaces, cloud computing services and search engines) will also be covered by the NISD.

Once adopted, EU Member States will have 21 months to adopt the necessary national provisions to comply with the NISD.

For further details of the contents of the NISD please see our December 2015 post on the agreed text.