EU-wide cybersecurity rules adopted by the Council

Council of the EU
  • 17/05/2016
  • 10:30
  • Press release
  • 251/16
  • Telecommunications
  • Single market
17/05/2016
Press contacts

Päivikki Ala-Honkola
Press officer
+32 22818648
+32 479955086

On 17 May 2016, the Council formally adopted new rules to step up the security of network and information systems across the EU.

The network and information security (NIS) directive will increase cooperation between member states on the vital issue of cybersecurity. It lays down security obligations for operators of essential services (in critical sectors such as energy, transport, health and finance) and for digital service providers (online marketplaces, search engines and cloud services). Each EU country will also be required to designate one or more national authorities and to establish a strategy for dealing with cyber threats. 

The Netherlands presidency together with the EU Agency for Network and Information Security (ENISA) has already started preparing the implementation of the directive. A first informal meeting of the network of Computer security incident response teams (CSIRT) set up under the directive took place in The Hague on 5 April, followed by a second meeting in Riga on 10 May. 

The Council position at first reading adopted today confirmed the agreement reached with the European Parliament in December 2015. To conclude the procedure, the legal act must still be approved by the European Parliament at second reading. The directive is expected to enter into force in August 2016. 

For more information, please see our press release from December 2015 (link below).