Nov 9, 2018: New EU directive aimed at protecting critical services
EUROPEAN UNION - The date is the deadline for individual EU member states to notify regulators about companies connected to the Internet that provide critical services. The new Network and Information Systems Directive (NISD) also targets certain digital providers.
It was adopted on Jul 6, 2016, after three years of negotiations. Representatives of the EU’s 28 national governments unanimously approved the text. The General Data Protection Regulation (GDPR), designed to unify data privacy requirements across the EU, was adopted in the same year.
Member states were required to write the NSID measures to protect their essential systems into their laws by May 9, 2018, and to tell the European Commission how they would punish any infringements. Each state could choose its own scale of penalties and the way they would be applied. The fines for non-compliance can run into millions of euros.
Under the NISD the states are also required to make sure that the operators of critical services guard against being hacked and report significant security breaches to the authorities.
The rules also affect companies outside the EU that have operations in EU member states.