NIS Directive

Directive on the security of network and information systems (NIS Directive)

The NIS Directive targets critical infrastructure services throughout the European Union (EU) where malfunctioning could have negative consequences for the economy and operations of member states. Once identified as such, operators of essential services are required to register with the competent authorities, who will then actively monitor and verify the operators.

All those to whom the NIS Directive applies must participate in the process described in the mandatory security regulations.

  • Step 1 is to prove that the NIS policy is a central component of your company's cyber defense strategy.
  • In step 2, companies themselves must conduct appropriate risk assessments, take appropriate security measures and adopt plans for security incidents.

The NIS Directive - cornerstone of the European Union's cyber security strategy

NIS is the security counterpart to the European strategy for a digital single market. The focus is on strengthening the EU internal market by ensuring a high common level of security for network and information systems. It is the EU's response to the increasingly frequent weaknesses and threats in the area of cyber security. It defines a framework for strategic cooperation that the EU member states implement in national law.

The provisions of the NIS Directive serve to defend against cyber attacks and to protect the network and information systems of operators of essential services. It provides for countermeasures in the event of security breaches.

The NIS Directive identifies two new categories of actors

  • Essential service providers and
  • Digital service providers

As an operator of essential services, you have to meet stricter security requirements than digital service providers because you are inherently exposed to higher network and information security (NIS) risks.

Advantages of our solutions for the NIS Directive

The Rohde & Schwarz Cybersecurity portfolio will help you take the right path in protecting enterprise applications and cloud-based digital assets. Rohde & Schwarz Cybersecurity is one of the very few vendors in Europe that offers proprietary core technologies and expertise. It is committed to regulatory compliance, and is firmly rooted in Europe with local technical support and training programs.

  • R&S®Web Application Firewall protects critical web applications and APIs. It provides a platform for centralized provisioning and management of all devices and applications. This includes automatic installation even in cloud-based instances.
  • R&S®Trusted Gate protects sensitive data against cyber attacks with a comprehensive range of solutions. The product family ensures the highest security standards in the area of data protection through dynamic encryption and virtualization technologies that are used in public clouds and collaboration tools.

Featured NIS content

White paper: The NIS Directive decrypted

Decipher the NIS Directive thanks to our white paper produced jointly with Mathieu Poujol, Head of Cyber Security at Technology Group.

Protecting against the top 10 most critical API security risks

In this webinar you will learn about the Top 10 most critical API security risks and how to achieve an overall robust protection of APIs.

eBook: Work securely in cloud environments and collaboration tools

In this eBook you will learn why conventional security mechanisms in the age of the cloud are no longer sufficient.


What is the NIS Directive?

The NIS Directive deals with cybersecurity at EU level and is the security policy counterpart to the strategy of the European digital single market. It aims to strengthen the EU single market through a common high level of network and information system security in terms of IT security. Everyone covered by the NIS Directive must participate in the process outlined by the mandatory security rules.

What is the impact of NIS on cybersecurity?

Under the NIS Directive, certain enterprises and organizations will be required to report serious cyber incidents at EU level. In order to achieve an EU-wide minimum security level for digital technologies, networks and services of the EU members, the main objectives are

  • Search engines
  • Cloud providers
  • Online payment platforms
  • "Major e-commerce websites" affected

What is the difference between NIS and GDPR?

The GDPR deals with the protection of personal data, whereas the NIS Directive refers to network and information security.

When do NIS reporting obligations come into effect?

In order to determine whether there is an obligation to notify an incident according to the NIS Directive, companies or digital service providers must estimate: 1. the number of persons currently using the service or 2. the number of affected users who have used the service. The provider must also be able to determine whether a cyber security incident is affecting its services in EU member states. The company must also be able to determine whether the incident resulted in significant material or immaterial loss to users in terms of health, security or damage to property.

How do enterprises actually become NIS-compliant?

You can achieve NIS compliance by implementing an integrated management system, which must include ISO 27001 and ISO 22301 (business continuity management). This is supported by compliance with internationally applicable standards/specifications. This is because the use of European / internationally recognized standards and specifications is recommended for the security of networks and information systems, as described in Article 19 of the NIS Directive.
