Call us on 03450 21 21 51

EU Cyber Security Directive on Essential Services
The SRM Blog

EU Cyber Security Directive on Essential Services


Written by SRM

25th May 2016

Share this article

Whatever the result of the EU Referendum, there are some aspects of our relationship with Europe that are unlikely to change, as long as we continue to engage in trade with our neighbours. Cyber security is a global issue and co-operation between states and continents is only likely to become greater over the coming years. A key area is cyber security for the operators of essential services and a new directive, due to come into force in August 2016, lays down a co-ordinated strategy for all EU member states.

When the Network and Information Security Directive comes into force it will further increase existing co-operation on cyber security. The proposed directive will require each EU country to designate one or more national authorities and to establish a strategy for dealing with cyber threats. It will set out the cyber security obligations for operators of essential services – such as energy, transport, finance and health – and digital service providers to manage cyber risks and report major security incidents.

The requirements and supervision for these operators will be stronger than for providers of digital services and reflects the degree of risk that any disruption to their services may pose to society and the economy.

EU member states will have 21 months from the directive’s entry into force to adopt the necessary national provisions. They will then have six further months to identify their operators of essential services.

Back to top