The Directive on Security of Network and Information Systems (NIS Directive) ((EU) 2016/1148) aims to achieve a high common level of network and information systems security across the European Union in three ways:
Member States are required to set their own rules on financial penalties and must take the measures necessary to ensure that they are implemented. It is likely that Member States will implement tough penalties similar to those of the GDPR (General Data Protection Regulation).
The NIS Directive applies to operators of essential services (OESs) that are established in the EU and digital service providers (DSPs) that offer services to persons within the EU. The Directive does not apply to hardware and software developers or digital service providers that are considered small and micro businesses (companies employing fewer than 50 people whose annual turnover and/or balance sheet total is less than €10 million).
Implement a cyber resilience programme that incorporates the following: