Directive on the security of network and information systems (NIS Directive)
The NIS Directive targets critical infrastructure services throughout the European Union (EU) whose malfunction could have negative consequences for the economy and operations of member states. Once identified as such, operators of essential services are required to register with the competent authorities, who will then actively monitor and verify the operators.
All those to whom the NIS Directive applies must participate in the process described in the mandatory security regulations.
- Step 1 is to prove that the NIS policy is a central component of your company's cyber defense strategy.
- In step 2, companies themselves must conduct appropriate risk assessments, take appropriate security measures and adopt plans for security incidents.
The NIS Directive - cornerstone of the European Union's cyber security strategy
The NIS Directive is, in effect, the security counterpart to the European strategy for a digital single market. Its focus is on strengthening the EU internal market by ensuring a high common level of security for network and information systems. It is the EU's response to the increasingly frequent weaknesses and threats in the area of cyber security. It defines a framework for strategic cooperation that is implemented by the EU member states in national law.
The provisions of the NIS Directive serve to defend against cyber attacks and to protect the network and information systems of operators of essential services. They also provide for countermeasures in the event of security breaches.
The NIS Directive identifies two new categories of actors
- Essential service providers and
- Digital service providers
As an operator of essential services, you have to meet stricter security requirements than digital service providers because you are inherently exposed to higher network and information security (NIS) risks.