NIS Directive

The NIS Directive – what is NIS and why does it exist?

NIS directive, The directive on Security of network and information systems.

The more digital our society becomes, the more regulations around this are needed to keep consumers and entrepreneurs safe. The NIS Directive has been created to increase the level of protection of socially critical infrastructure for EU Member States.

  • The NIS directive will increase the level of security of EU countries’ infrastructure
  • It came into force in 2018
  • NIS is only a directive and is therefore adapted to each country’s legislation
  • There is a difference between NIS and GDPR
  • Cloud services are sectors that are pointed out by NIS as extra important

NIS-direktivet NIS directive

Socially important services must have a high level of information security

To put it simply, the NIS directive is there to ensure that EU member states have a high level of security around socially critical infrastructure. It provides legal action to increase the overall level of cyber security in the EU.

Why does the NIS Directive exsist?

So-called cyber attacks, attacks on various systems and information channels, have increased significantly in recent years. It is easy to believe that only criminal actors are sitting in a dark basement room and hacking into various systems. But unfortunately, it is also state-supported actors with large resources who engage in this type of activity.

By giving all EU member states clear directives that help them increase their cyber security, the whole EU will have a more robust and secure system.

The Directive requires countries to take legal action to ensure certain key points. Countries must have the right equipment via a data security system (CSIRT) and a NIS authority with national competence. There must be cooperation, between the countries, via a CSIRT network. In addition to this, the NIS Directive ensures that member states have a safety culture around infrastructure. Actors in the sectors identified must take certain precautionary measures.

Key sectors to be identified

Some sectors are more vulnerable than others when it comes to cybersecurity. The banking and financial markets must, of course, maintain good security in order to secure countries’ economies. Healthcare is another example of a sector that is pointed out by the directive as an important part of regulating. Energy structures, transport and drinking water supply are important for keeping communities functioning. Digital infrastructure is one of the extra important sectors that needs to be regulated to maintain security around Europe. This can include everything from search engines, online markets and cloud services.

Different rules in different countries

NIS is a directive, which means that its implementation may look different in different countries. The directive is therefore adapted to each country’s own legislation.

What is the difference between GDPR and NIS?

There are actually quite large differences between the NIS Directive and the GDPR, although it may look quite similar at first glance. GDPR’s basic function is to protect personal data. NIS will instead help protect important infrastructure. GDPR is a general rule that looks the same everywhere while NIS is implemented according to the country’s prevailing legislation.

Read more about the NIS directive here: