European Commission Consults on Proposed Revisions to EU Cybersecurity Rules

The European Commission has launched a consultation on proposed revisions to the EU Directive on the security of network and information systems across the Union (commonly known as the NIS Directive), which is designed to protect the security of EU network and information systems. The NIS Directive sets out, among other things, the parameters of national network and information security strategies to be implemented by Member States for providers of "essential services", which include credit institutions (as defined under the EU Capital Requirements Regulation) and financial market infrastructures.
 
The consultation is directed at stakeholders including national regulators, relevant EU bodies, operators of essential services and digital services providers. It poses a series of questions to collect views on the implementation of the NIS Directive and the impacts of possible future changes. Responses should be submitted by October 2, 2020. It is published alongside a roadmap describing the problems that the review seeks to tackle, which include inconsistent implementation of the NIS Directive across Member States (leading to regulatory fragmentation and additional compliance burdens for those subject to the requirements) and the sudden digital transformation in society, which has been further accelerated by the outbreak of COVID-19. The project forms part of the Commission's stated 2020 policy objective to make "Europe fit for the digital age" and is deemed even more critical in light of global information technology dependence following the pandemic.
 
View the Commission's consultation on proposed revisions to the NIS Directive. 
 
View details of the Commission's adjusted 2020 Work Program.
 
Return to main website.