The directive on Network and Information System Security (NIS Directive) explained.

Following the implementation of the EU (European Union) Data Protection Regulation (GDPR), several EU organisations must now comply with the NIS (Network & Information Security) Directive. It aims to strengthen the security of networks and information systems in the EU. It requires that the European Union's networks and information systems benefit from a high level of security. The NIS Directive applies to two categories of actors: digital service providers (DSPs) and essential service operators (ESOs); ESOs must comply with more stringent security requirements than DSPs because of the generally higher risks to which they are exposed.

This European text is structured around five major pillars. These five pillars form the main basis of the NIS Directive and are mandatory. They are highly dependent on the quality of cooperation between ESOs and Member States' national cybersecurity agencies that are mandated by the EU, namely the National Competent Authority (NCA) and the Information Security Incident Response Team. These 5 fundamental pillars are as follows:

  • Designate a single point of contact
  • Identify essential information systems (EIS)
  • Apply safety rules to protect EIS
  • Report any significant incidents to the NCA
  • To be controlled and audited by the NCA

The most important of these 5 pillars, which provides optimal security for essential information systems, is the third pillar. It concerns the functioning of the safety rules of the NIS Directive for EIS. It is also the only one that will consume the most resources allocated to the NIS Directive.

This pillar is structured around four main themes related to network and information system security:

  • Governance: ESOs must create an information systems security policy (ISSP) around a coherent set of rules and practices
  • Protection: based on the EIS' global cybersecurity architecture, IT administration rules, identity and access management, cybersecurity maintenance and physical and environmental security
  • Defense: which aims to detect incidents and manage responses to incidents
  • Business resilience: In the event of a breach, the operator must ensure business continuity in accordance with ISSP rules and define its disaster recovery management guidelines in the event of a major incident

In this White Paper, we will detail how to deal with the NIS Directive by focusing on:

1. NIS regulation, its impact, its five pillars and the global compliance landscape

2. The third critical pillar and security requirements for the compliance of the company's information systems

3. The transposition of the NIS Directive into national law throughout the European Union

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.