European Commission Vice-President Andrus Ansip, responsible for the Digital Single Market, and Commissioner Günther H. Oettinger, in charge of the Digital Economy and Society, welcome today's vote by the European Parliament's plenary to adopt the Directive on Security of Network and Information Systems (the 'NIS Directive').
Vice-President Andrus Ansip said: "If we want people and businesses to make the most of digital services, they need to trust them. A Digital Single Market can only be created in a secure online environment. The Directive on Security of Network and Information Systems is the first comprehensive piece of EU legislation on cybersecurity and a fundamental building block for our work in this area. It requires companies in critical sectors – such as energy, transport, banking and health – to adopt risk management practices and report major incidents that can affect the Digital Single Market to their national authorities which will, in turn, be able to carry out better capacity-building with greater cross-border cooperation inside the EU. It also obliges online market places, cloud computing services and search engines to take similar security steps. The rules adopted today, complemented by the new partnership with the industry on cybersecurity presented yesterday, create the right conditions for people and businesses to use digital tools, networks and services in the EU with confidence."
Commissioner Günther H. Oettinger said: "This has been an important week for cybersecurity in Europe. The adoption of the first EU-wide legislation on cybersecurity will support and facilitate strategic cooperation between Member States as well as the exchange of information. I would like to thank the European Parliament, especially the rapporteur Andreas Schwab, for the hard work to get this important deal. I am now calling on Member States to make the most of new cooperation mechanisms and to support the additional initiatives on cybersecurity presented yesterday. Cooperation with the industry is also essential. This is why I signed a partnership with the private sector that will trigger €1.8 billion of investment to foster cross-border research and development cooperation of the cybersecurity industrial players in Europe. All these initiatives reinforce each other and are vital if we want our digital economy and society to thrive."
Press release: Commission signs agreement with industry on cybersecurity and steps up efforts to tackle cyber-threats (5 July 2016)
Factsheet: EU cybersecurity initiatives: working towards a more secure online environment (5 July 2016)
Following today's vote, the NIS Directive is expected to enter into force in August 2016. Member States will have 21 months to implement this Directive into their national laws and 6 months more to identify operators of essential services.
The European Parliament voted on its first reading of the draft legislation in March 2014 (statement). The Council adopted its negotiating mandate under the Luxembourg Presidency on 4 December 2015 following progress under the Latvian Presidency (see Council press release). Negotiations between the institutions led to an agreement on 7 December 2015 (press release).