EU Council Adopts the Network and Information Security Directive
Time 2 Minute Read
Categories: Cybersecurity, European Union, International

On May 17, 2016, the European Council adopted its position at first reading of the Network and Information Security Directive (the “NIS Directive”). The NIS Directive was proposed by the European Commission on February 7, 2013, as part of its cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.

The NIS Directive will impose security obligations on “operators of essential services” in critical sectors and “digital service providers.” These operators will be required to take measures to manage cyber risks and report major security incidents.

Operators of essential services will include entities within the energy, transport, banking, financial market infrastructures, health, drinking water supply and distribution, and digital infrastructure sectors. The security obligations imposed on these operators will be stronger than those for digital service providers (i.e., providers offering online marketplaces, online search engines and cloud computing services in the EU).

Further, each EU Member State will be required to (1) designate one or more national authorities on the security of network and information systems and (2) establish a strategy for dealing with cyber threats.

Next steps

The NIS Directive must be approved by the European Parliament in plenary session. The NIS Directive is expected to enter into force in August 2016. Thereafter, EU Member States will have 21 months to adopt the necessary national provisions. Following this period, EU Member States will have six months to identify operators of essential services. In order to do so, EU Member States should assess whether services are essential for the maintenance of critical social and economic activities.

Tags: Cloud Computing, EU Member States, European Commission, European Parliament, Service Provider
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 4 Minute Read
European Commission Announces New Cybersecurity Package

On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU’s cybersecurity resilience and enhancing its capacity to manage evolving threats.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
European Commission Renews UK Data Adequacy Decisions

On December 19, 2025, the European Commission announced the renewal of the two UK adequacy decisions originally adopted in 2021, reaffirming that personal data may continue to move freely between the European Economic Area and the UK.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 5 Minute Read
EU Digital Omnibus Introduces a Single Reporting Point for Cybersecurity Incidents

On November 19, 2025, the European Commission unveiled the much-anticipated digital omnibus legislative package (the “Digital Omnibus”), setting the stage for a new era of digital governance and regulatory simplification across the European Union. According to the Commission, this initiative is designed to enable European businesses to devote more energy to innovation and growth, rather than navigating complex compliance landscapes.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page