The European Parliament, Council of the EU and European Commission have reached an agreement on the first EU-wide legislation on cybersecurity (NIS Directive), which will:

  • improve cybersecurity capabilities in Member States;
  • improve Member States’ cooperation on cybersecurity; and
  • require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services like search engines and cloud computing, to take appropriate security measures and report incidents to national authorities.

The NIS Directive needs to be formally approved by the European Parliament and the Council of the EU, after which it will be published in the Official Journal of the EU and enter into force 20 days thereafter. Member States will have 21 months to implement the NIS Directive into their national laws and an additional six months to identify operators of essential services.

View Commission welcomes agreement to make EU online environment more secure, 8 December 2015