This whitepaper gives an update to ENCS members on the revised NIS directive. On 16 December 2020, the European Commission adopted a proposal for a revised NIS directive: the directive on measures for a high common level of cybersecurity across the Union. The directive is meant to repeal the directive concerning measures for a high common level of security of network and information systems across the Union from 2016, also known as the NIS directive. The goal of the revised NIS directive is to achieve a harmonized, high level of cybersecurity across the European Union by incorporating feedback from the most recent consultations and filling some gaps found in the NIS version from 2016. The new directive, which focuses on enabling resilient infrastructure and critical services, is a key component of the Union’s new Cybersecurity Strategy for the Digital Decade. It was released alongside a proposal for a Directive on the Resilience of Critical Entities, which is the successor of the 2008 European Critical Infrastructure Directive.
The most important changes for grid operators seem to be:
- The scope was extended to include many parties important to grid stability
- Supervision and enforcement of the implementation is made stricter
- It may become mandatory to use products, services, and processes certified under the Cybersecurity Act
- Provisions are added to integrate the upcoming network code on cybersecurity