The European Central Bank (ECB) has published an opinion, along with its suggested amendments, on the European Commission’s proposed Directive concerning measures to ensure a high common level of network and information security (NIS) across the EU (the proposed Cyber-Security Directive).
The ECB whilst supporting the proposed Directive also makes a number of observations, including the following:
- the proposed Directive should be without prejudice to the existing regime for the Eurosystem’s oversight of payment and settlement systems, which includes appropriate NIS arrangements. The ECB has a particular interest in enhanced security in payment and settlement systems to promote the smooth operation of payment systems and help maintain confidence in the euro and the functioning of the EU economy;
- the assessment of security arrangements and incident notifications for payment and settlement systems, and payment service providers is one of the core competencies of prudential supervisors and central banks. Responsibility for developing oversight requirements in the payment and settlement areas should remain with these authorities, and should not be subject to potentially conflicting requirements imposed by other national authorities; and
- provisions in the proposed Directive should not prejudice the standards in other pieces of EU legislation, particularly in European Markets Infrastructure Regulation. Also, provisions should not interfere with the tasks of the European Banking Authority, the European Securities and Markets Authority or any other prudential supervisor.
