As the European Union braces for some shelling with its GDPR can(n)on, there’s something for the Digital Service Providers and businesses, especially those in online operations, as well. The Directive on Security of Network and Information Systems (NIS), that precedes GDPR, will come into effect on May 10, 2018. The directive aims to create an even standard for network and data security for all member states.
What do we need to know about NIS?
The Directive on Security of Network and Information Systems (NIS) is meant for Operators of Essential Services (OESs) and Digital Service Providers (DSPs) within the EU along with Britain. The major commandments of this cybersecurity legislation are putting into practice pertinent information technology and networking systems, raising the risk management mechanisms to identify cyber potential threats, and adopting security measures to minimize or eliminate the impact of breaches without hampering service continuity. There’s also an additional ordinance of sending out an alert regarding any security breach which might culminate into something dangerous.
OESs include energy, finance and banking services, healthcare, transport and digital services, while DSPs are everything related to the Internet such as search engines, cloud computing, and ecommerce services.
What are the exceptions?
Digital Service Providers with annual turnover of less than 10 million, also considered as small and micro businesses, need not comply. Although the directive also applies to offshore businesses providing services within EU, they will enjoy some flexibilities.
Other things to know about
- CSIRTs – Computer Incident Response Teams will be created under the NIS directive in all member states to help organizations get a clearer perspective about this new legislation and also the latest cyber threats.
- NCAs – The EU member states are required to create National Competent Authorities to aid as the information center for organizations during any emergency or for clarification purposes.
- Cooperation Group – In association with the EU Agency for Network and Information Security (ENISA), the member states have formed a Cooperation Group to promote adoption of effective cybersecurity measures among member states.
Indeed, there are penalties for not adhering to the NIS Directive as decided by the member states. The need to monitor and even provide entrée to the security measures being adopted by these service providers is also being discussed, though DSPs might get some relaxation in this regard. While the fame of Facebook is clouded by data privacy issues in the United States, it seems the clouds will soon start hovering over its European peaks too. Till then users need to be careful about the date being shared and the means of sharing it.