NIS Directive

The Network and Information Systems (NIS) Directive is an EU-wide piece of legislation aimed at increasing the level of cybersecurity for critical infrastructure, including utilities, transport, healthcare and digital services, and at giving these organizations the opportunity to deploy best practice cybersecurity protocols.

This framework nurtures sustainability, mitigates risks, protects organizations and their information, safeguards their people and ensures a state of enhanced information resilience.

What is the purpose?

At member state level, the NIS Directive is designed to secure critical infrastructure from cybersecurity threats by focusing on three top-level objectives:

  • Improved cybersecurity capabilities at national level
  • Increased level of EU cooperation
  • Supervision of critical sectors

Who does the NIS Directive apply to?

The NIS Directive places legal obligations on Operators of Essential Services (OES) and Digital Service Providers (DSP).

Operators of Essential Services (OES)

  • Energy – electricity, oil and gas
  • Transport – road, rail, air and waterways
  • Water – supply and distribution
  • Health – hospitals, private clinics
  • Digital Infrastructures – top-level domain name registries, Domain Name System (DNS) service providers and internet exchange point operators

Digital Service Providers (DSP)

  • Cloud computing services
  • Online search engines
  • Online marketplaces
