Brussels, 30/06/2015 (Agence Europe) - On 29 June 2015, the Latvian Presidency announced that it had reached an understanding with the European Parliament at the 4th trialogue meeting, on the main principles to be included in the draft directive on network and information security (NIS directive). The presidency will present the outcome to member states' ambassadors at the meeting of the Permanent Representatives Committee on 30 June.
These principles will then need to be turned into legal provisions to allow for a final deal on the directive at a later stage.
“The rise of cyber attacks is one of the greatest threats we are facing, and today's agreement on the global package is a big step towards the finalisation of the first EU-wide measures to counter this threat”, said Raimonds Vçjonis, the Latvian minister for defence. “This also reflects the priority given to this issue by EU leaders, who on Friday called for rapid adoption of the directive”, he added. In the recommendations they adopted on the digital single market strategy (see EUROPE 11344) at the European Council on Friday 26 June, heads of state and government effectively called on the different partners to reach a swift conclusion on the draft NIS directive.
The new rules will require designated operators that provide essential services (in areas such as energy and transport) to take measures to manage risks to their networks and report incidents to authorities. Member states will identify such essential operators to be covered by the directive, based on clear criteria. The Council also indictated that it was agreed that digital service platforms would be treated in a different manner from essential services. The details will be discussed at a technical level. The draft directive also stipulated that member states will be required to establish an NIS plan and designate competent authorities. An EU-level cooperation group will be created to address NIS matters at a strategic level and guide operational activities. For such operational cooperation, a network of national Computer Security Incident Response Teams (CSIRTs) will be set up. It will help develop confidence and trust between member states.
It should be pointed out that the NIS directive proposed by the European Commission in February 2013 seeks to ensure that the member states, key Internet service providers and critical infrastructure operators guarantee a securitised digital environment throughout EU territory, given that the number of cyber attacks is increasing significantly. The main challenge was to strike the right balance between binding EU level rules and voluntary measures that member states could adopt and which should, ultimately, lead to similar levels of preparation with regard to NIS-related issues and enable the EU to efficiently respond to the challenges created by digital threats. (Isabelle Lamberty)