EU Cyber Security Directive on Essential Services

Whatever the result of the EU Referendum, there are some aspects of our relationship with Europe that are unlikely to change, as long as we continue to engage in trade with our neighbours. Cyber security is a global issue and co-operation between states and continents is only likely to become greater over the coming years. A key area is cyber security for the operators of essential services and a new directive, due to come into force in August 2016, lays down a co-ordinated strategy for all EU member states.

When the Network and Information Security Directive comes into force it will further increase existing co-operation on cyber security. The proposed directive will require each EU country to designate one or more national authorities and to establish a strategy for dealing with cyber threats. It will set out the cyber security obligations for operators of essential services – such as energy, transport, finance and health – and digital service providers to manage cyber risks and report major security incidents.

The requirements and supervision for these operators will be stronger than for providers of digital services and reflects the degree of risk that any disruption to their services may pose to society and the economy.

EU member states will have 21 months from the directive’s entry into force to adopt the necessary national provisions. They will then have six further months to identify their operators of essential services.

Posted 2 years ago on · Permalink