Publication
Mental Health Awareness Week
Mental Health Awareness Week provides us the opportunity to pause and reflect on our own mental health, and the mental health of our friends, family, and colleagues.
Global | Publication | December 2015
On December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD).1 The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union for Foreign Affairs and Security Policy published a strategy for ‘An Open, Safe and Secure Cyberspace’ and proposed directive in 2013. Once adopted, likely in early 2016, EU Member States will have 21 months to adopt the necessary national provisions to comply with the NISD.
The NISD lays down minimum obligations for all Member States on the prevention and handling of and the response to risks and incidents affecting networks and information systems, creates a cooperation mechanism between Member States, and establishes security requirements for certain market operators and public administrations. The NISD will impose new security-related obligations on market operators providing “essential services” in a wide range of industries. In the words of the European Parliament’s rapporteur, the NISD marks the “beginning of platform regulation” in the EU.
The NISD’s imposition of security-related obligations on market operators has been among the most contentious issues delaying agreement on the NISD. Under the agreed compromise, the NISD will impose obligations only on operators of “essential services” in critical sectors. These sectors, however, include many of the EU’s most important industries:
Within these sectors, Member States will identify the operators providing essential services, based on criteria in the NISD, including whether the service is critical for society and the economy, whether it depends on network and information systems and whether an incident could have significant disruptive effects on its provision or public safety. These operators will have to take appropriate security measures and notify serious incidents to the relevant national authority.
Providers of digital services will also be caught by the NISD. The following providers will be covered:
Member State authorities will have six months after the NISD’s implemenation deadline to identify their providers of essential services.
The NISD will oblige each EU Member State to designate one or more national authorities and develop a cybersecurity strategy. The NISD will also create a “Cooperation Group” between Member States to support and facilitate strategic cooperation and the exchange of information among Member States. The Commission will provide the secretariat for the Cooperation Group. The Directive will, moreover, create a network of Computer Security Incident Response Teams to promote the swift and effective operational cooperation on specific cybersecurity incidents and the sharing of information about risks.
Council press release 904/15, December 8, 2015 and European Parliament press release, December 7, 2015.
Publication
Mental Health Awareness Week provides us the opportunity to pause and reflect on our own mental health, and the mental health of our friends, family, and colleagues.
Publication
On 24 April 2024, the European Parliament voted to adopt the long-awaited EU Corporate Sustainability Due Diligence Directive (CSDDD or the Directive).
Publication
We are delighted to announce that Al Hounsell, Director of Strategic Innovation & Legal Design based in our Toronto office, has been named 'Innovative Leader of the Year' at the International Legal Technology Association (ILTA) Awards.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023