This year the European Directive on security of network and information systems (NIS Directive) was to be transposed into local legislation by all EU member states. Objective of the Directive is to improve cyber security capabilities on national level to protect essential services such as healthcare, transport, energy, water, financial and digital infrastructure. Private or public companies that operate the essential services will have to take security measures as defined by the country and notify serious cyber incidents to the relevant national authority.
While the due date for member states to transpose the directive into local legislation was in May, the majority of member states missed this deadline. This leaves organizations in a limbo of what they will have to comply with in terms of security measures and incident reporting. Meanwhile, November sees the next milestone dictated by the directive approaching fast. By then member states will have to have nominated all operators of essential services. It is uncertain how much time organizations will have to become compliant. For CI it will be important to identify what can and should be done already now.
Applied Risk will discuss in this presentation current status of the NIS Directive, giving key insights on what can be expected based on the countries which have already completed transposition.
See the full discussion on October 3rd at 2pm at the Critical Infrastructure Protection & Resilience Europe held in The Hague.