NIS 1 DIRECTIVE - What is the NIS directive and what are its objectives.

Thursday, February 26, 2015

Begin with this article the publication of a series of insights on the NIS DIRECTIVE, which is not closely linked to the GDPR, but has many elements in common and therefore we hope it will interest our readers.

The 1148 European Directive of the 6 July 2016 - Network and Information Security - NIS - deals with defining measures for a common high level of security of networks and information systems in the Union.

It establishes - art. 1 - measures to achieve a high common level of network security and information systems in the Union so as to improve the functioning of the internal market. To that end:

  1. requires all Member States to adopt a national strategy on network security and information systems;
  2. establish a cooperation group to support and facilitate strategic cooperation and the exchange of information between Member States and to build trust between them;
  3. create a network of cybersecurity action teams in the event of an incident ('CSIRT network') to contribute to the development of trust between Member States and to promote rapid and effective operational cooperation;
  4. establishes security and notification obligations for operators of essential services and for digital service providers;
  5. requires Member States to designate national competent authorities, single contact points and CSIRTs with tasks related to network security and information systems.

The 5 article requires that within the 9 November 2018, and every two years thereafter, the Member States have identified, for each sector and sub-sector referred to in the relevant annex, the operators of essential services with a seat in their territory .

The criteria for identifying the operators of essential services are as follows:

  1. a subject provides a service that is essential for the maintenance of fundamental social and / or economic activities;
  2. the provision of this service depends on the network and information systems;
  3. an accident would have significant adverse effects on the provision of this service.

The areas of competence referred to in the Directive are listed below:

ESSENTIAL SERVICE OPERATORS - OSE

Energy (electricity, oil and gas)

Transports (plane, rail, waterways, road)

Banking sector (credit institutions)

Financial markets

Healthcare sector (Health institutions, including hospitals and private clinics)

Drinking water (supply and distribution)

Digital infrastructures (IXP operators - Internet exchange point, DNS service provider - domain name systems, TLD top-level domain name registries)

DIGITAL SERVICE SUPPLIERS - FSD

Online market

Search engine online

Cloud services (cloud computing).

Where to find us

Sinergetica Ltd.
Villalago Riviera, 54 - 67030 Villalago (AQ)


Privacy Information Site
Cookies Policy
Legal notices
Ethical code (italian)

Sinergetica Ltd.
Villalago Riviera 54 - 67030 Villalago (AQ)


Privacy Information Site
Cookies Policy
Legal notices
Ethical code (italian)