Administrator: Alessandro RIZZI, Assistant: Denise IVANOVICH
Foreseen for the EESC Section: 14 April 2021
Foreseen for the EESC Plenary session: 27-28 April 2021
Gist of the Commission document
The proposed Directive on measures for a high common level of cybersecurity across the Union (revised NIS Directive or ‘NIS 2’) repeals Directive (EU) 2016/1148 on security of network and information systems (NIS Directive). The NIS Directive has increased national cybersecurity capabilities in the EU by requiring Member States to draw up a national cybersecurity strategy, to establish National Computer Emergency Response Teams (CSIRTs) and to appoint NIS national competent authorities, improving the cyber resilience of public and private entities in specific sectors and across digital services. The new proposal aims to strengthen the security requirements imposed by addressing the security of supply chains, streamlining reporting obligations, and introducing more stringent supervisory measures for national authorities, stricter enforcement requirements and harmonised sanctions regimes across Member States. It also includes proposals for information sharing and cooperation on cyber crisis management at national and EU level.
The European Commission has jointly proposed a Directive on the resilience of critical entities, with the objective of improving the resilience of critical entities against physical threats in a large number of sectors. The proposal expands both the scope and depth of the current 2008 European Critical Infrastructure Directive, covering ten sectors: energy, transport, banking, financial market infrastructures, health, drinking water, waste water, digital infrastructure, public administration and space.
The legal basis for both proposals is Article 114 of the Treaty on the Functioning of the European Union, whose objective is the establishment and functioning of the internal market by enhancing measures for the approximation of national rules.