May 9th marked the deadline for EU member states to be fully compliant with the NIS Directive, a new piece of EU-wide legislation that requires operators of essential services (OES) that are established in the EU as well as digital service providers (DSPs) to improve their cyber security measures in response to the associated risks. While Brexit may be a matter of months away, the government has already confirmed the UK’s requirement to comply with the NIS Directive irrespective of our imminent EU exit.
Now in full force, the Directive requires OES and DSPs to take “appropriate and proportionate” action to enhance our nationwide security profile and mitigate the risk of costly and damaging attacks to our organisations. While it may not have received as much widespread publicity as the GDPR, the NIS Directive applies to a plethora of key industries: energy, transport, health, water and digital infrastructure companies as well as search engines, cloud computing service providers and online marketplaces.
Official guidance advises both OES and DSPs to take certain steps in ensuring compliance, such as implementing an effective security incident response process as well as technical and organisational security measures. However, if they are to stay one step ahead, organisations in either category must keep abreast with the latest developments or trends in cyber crime and regularly revise their defence strategies accordingly.
While the NIS Directive states that the responsibility to determine penalties for non-compliance lies with the individual Member States and not the EU, it does clarify that penalties must be “effective, proportionate, and dissuasive.” Further, organisations that fail to comply with the new NIS Directive are now subject to reactive ex-post supervisory activities by NCAs. Of course, considering the unprecedented pace at which the cyber-threat landscape is evolving, compliance with the Directive is not only critical in avoiding financial penalties but also strengthening our security profile.
“The NIS Directive is the first piece of EU-wide legislation on cyber security. It provides legal measures to boost the overall level of cyber security in the EU.”
Please enter your name and email to receive our latest newsletter.
Please fill in the fields below to receive your free download.
Global Legal Services Brochure
Subscription Legal Services Brochure
V-Sign Remote Document Witnessing
We are a multi-disciplined global law firm that helps all businesses, from one man bands through to multinational & publicly quoted companies, providing high quality legal advice, when needed, at prices other law firms can’t compete with.
We are not just another law firm that claims to be different, but still charges extortionate hourly rates to support its lavish infrastructure and the lifestyles of a wealthy partner structure. We are different.
We are unique in the legal profession and lead where others follow, driving the law to provide a more commercial and affordable global legal service to clients.
We provide a free, no obligation consultation to let you know how we can help, and what it will cost.
Call a lawyer for a chat on: 0333 772 0967