The Network and Information System Security (NIS) directive was adopted on July 6 2016. Four years later, the Commission presented a revision of this text. The v2 of this directive on the security of networks and information systems (RIS in French) has just gained a new stage in the European process.
The Council of the EU has indeed adopted its position on this project. This revised version “ aims to eliminate the discrepancies in cybersecurity requirements and the implementation of cybersecurity measures in the different Member States. ”
- The proposal of the European Commission
- The guidelines of the Council of the EU
Under the old NIS Directive, “ it was for the Member States to determine which entities fulfilled the criteria to be qualified as operators of essential services “.
The IRS Directive 2″ introduces a rule associated with a ceiling. This means that all medium and large entities operating in the sectors covered by the directive or providing services falling under it will fall within its scope ”.
- Cybersecurity: ANSSI’s wishes for the European Union
These general guidelines will be used for negotiations with the European Parliament. Once agreement is reached, Member States will have two years to transpose this directive.