Navigation path

Left navigation

Additional tools

European Commission - Statement

Joint Statement by Vice-President Ansip and Commissioners Avramopoulos, King and Gabriel on the new EU-wide cybersecurity rules

Brussels, 4 May 2018

European Commission Vice-President Andrus Ansip, responsible for the Digital Single Market, Commissioner for Migration, Home Affairs and Citizenship Dimitris Avramopoulos, Commissioner for the Security Union Julian King and Commissioner Mariya Gabriel, in charge of Digital Economy and Society, have issued a statement on the first EU-wide legislation on cybersecurity – the Directive on Security of Network and Information Systems (NIS Directive) that Member States have to transpose into national law by 9 May 2018:

"The adoption of the NIS Directive two years ago was a turning point for the EU's efforts to step up its cybersecurity capacities. Thanks to this first EU cybersecurity law, Member States have strengthened their cooperation for a European cybersecurity policy and are coordinating efforts to build their response capacities. The Commission is working closely with Member States to assist with the Directive's transposition.

To further boost the Union's cybersecurity, the EU should swiftly give a strong and permanent mandate to its Agency for Cybersecurity, the European Union Agency for Network and Information Security (ENISA) and establish an EU framework for cybersecurity certification. Together with Member States we should also complete the joint work on the blueprint for cooperation in the event of large scale cross-border cybersecurity incidents and crises that mainstreams cybersecurity to existing crisis management mechanisms at EU level.

To help Member States rapidly transpose the NIS Directive and build their capabilities, the Connecting Europe Facility (CEF) programme is providing €38 million in funding until 2020 to support national CSIRTs as well as other NIS Directive stakeholders, such as the operators of essential services and digital service providers. Member States should use the opportunities given by this funding source to the fullest."


The Directive on Security of Network and Information Systems (NIS Directive)entered into force in August 2016. Member States have had 21 months to transpose the Directive into their national laws and have 6 months more to identify operators of essential services. It is the first EU-wide legally binding set of rules on cybersecurity. The Directive establishes a high common level of security of network and information systems across the EU.

Additionally, to equip Europe with the right tools to deal with cyber-attacks, the European Commission proposed in September 2017 a wide-ranging set of measures to build strong cybersecurity in the EU. This included a proposal for strengthening the EU Agency for Cybersecurity as well as a new European certification scheme to ensure that products and services in the digital world are safe to use.

For More Information

Q&A NIS Directive

Factsheet NIS Directive

State of the Union 2017 - Cybersecurity: Commission scales up EU's response to cyber-attacks


Press contacts:

General public inquiries: Europe Direct by phone 00 800 67 89 10 11 or by email

Side Bar