NIS guideline
The European Directive (EU) 2016/1148 of 6 July 2016 laying down measures for a high common level of security of network and information systems in the Union, better known as the 'NIS Directive', was the first piece of EU legislation on field of cybersecurity. In the Netherlands, the NIS Directive was implemented in the Network and Information Systems Security Act (Wbni) in 2018. Although the NIS Directive has greatly increased the cybersecurity capabilities of the EU member states, the current directive does not provide an adequate response to the increasing threats related to take into account the further digitalization of society, including the sharp increase in cyber attacks.
New guideline: NIS2
In December 2020, the European Commission therefore submitted a proposal, which was largely adopted by the Council a year later[2], to replace the NIS Directive. The new NIS2 Directive aims to strengthen security requirements, address the security of supply chains, streamline reporting requirements and introduce stricter monitoring measures and enforcement requirements, including harmonized sanctions across the EU. The proposal also has an extended scope, requiring more entities and sectors to take action. All this should increase the level of cybersecurity in Europe in the longer term.