Publication of a Report about Cybersecurity by European Commission

20/01/2020

On 28 October 2019, the European Commission adopted a report assessing the consistency of the approaches taken by member states

On 28 October 2019, the European Commission adopted a report assessing the consistency of the approaches taken by member states in the identification of operators of essential services in accordance with Article 23(1) of Directive 2016/1148/EU on security of network and information systems (Cybersecurity Directive).

The report published provides an overview of how Member States have identified operators of essential services who have to put in place cyber-security measures and report major cyber-incidents due to their importance for the economy and society. The report concludes that some identification practices used by Member States can have a negative impact on the level playing field in the internal market and potentially render entities more vulnerable to cross-border cyber-threats The Commission proposes that Member States work together in the Cooperation Group established by the NIS Directive to further align the lists of essential services and the thresholds used to identify operators of essential services.