In October 2020, ENCS provided input to the European Commission’s NIS Directive Consultation. An extended summary of our responses and insights is available on the ENCS portal:

Since the entry into force of the NIS Directive in 2016, the cyber threat level has increased significantly. Yet, much remains to be done for companies in the EU to counter this development. ENCS emphasizes that it is vital to promote a culture of security across all sectors critical for our economy and society. As risks transcend national borders, cybersecurity measures need to be aligned at the Union level. To achieve this, both the capabilities of Member States and the level of cooperation among them needs to be improved.

For the NIS Directive to be effective and efficient, ENCS strongly believes that the question of who is considered an Operator of Essential Services needs to be revisited. Also, an ISMS-based security risk management, harmonized vulnerability disclosure as well as timely and complete incident information sharing practices are needed to counter current and future cyber threats.