Joint statement by Vice-President Ansip and Commissioners Avramopoulos, King and Gabriel on the first EU-wide legislation on cybersecurity

Vice-President Andrus Ansip, responsible for the Digital Single Market, Commissioner for Migration, Home Affairs and Citizenship Dimitris Avramopoulos, Commissioner for the Security Union Julian King and Commissioner Mariya Gabriel, in charge of Digital Economy and Society, issued a statement on the first EU-wide legislation on cybersecurity – the Directive on Security of Network and Information Systems (NIS Directive) that Member States have to transpose into national law by 9 May 2018.

They said: “The adoption of the NIS Directive two years ago was a turning point for the EU’s efforts to step up its cybersecurity capacities. Thanks to this first EU cybersecurity law, Member States have strengthened their cooperation for a European cybersecurity policy and are coordinating efforts to build their response capacities.” The full statement is available here. TheDirective on Security of Network and Information Systems (NIS Directive) entered into force in August 2016. Member States have had 21 months to transpose the Directive into their national laws and have 6 months more to identify operators of essential services. It is the first EU-wide legally binding set of rules on cybersecurity. The Directive establishes a high common level of security of network and information systems across the EU. Additionally, to equip Europe with the right tools to deal with cyber-attacks, the European Commission proposed in September 2017 a wide-ranging set of measures to build strong cybersecurity in the EU. This included a proposal for strengthening the EU Agency for Cybersecurity as well as a new European certification framework to ensure that products and services in the digital world are safe to use. More details on the new rules are available in the Q&A as well as a factsheet.