EU Network and Information Security Directive adopted

The Network and Information Security (NIS) Directive was adopted by the European Parliament. The NIS Directive aims at strengthening the overall cybersecurity in EU. It requires each member state to establish Computer Security Incident Response Team (CSIRT) and a competent national authority for NIS, and sets up a cross-EU cooperation group for strategic cooperation as well as CSIRT Network for operational cooperation, among other provisions. The directive also defines several categories of ‘operators of essential services’, which are required to take appropriate security measures and notify serious incidents to the relevant national authority. These include operators in the following sectors: energy, transport, banking, financial market infrastructures, health, water, and digital infrastructure (including Internet exchange points, domain name system service providers, and top level domain name registries). The NIS Directive will enter into force in August 2016, allowing member states 21 months to transpose it into their national laws, and another 6 months to identify operators of essential services.