The revision of the NIS directive

The European Commission is currently consulting stakeholders on the revision of the Directive on security of network and information systems (the NIS Directive). Since the current Directive entered into force in 2016, the cyber-threat landscape has been evolving quickly. The Commission has now kick-started the procedure for the revision of the NIS Directive, starting with a public consultation that aims to collect views on its implementation and on the impact of potential future changes.

Since its adoption, the NIS Directive has ensured that Member States are better prepared for cyber incidents and have increased their cooperation through the NIS Cooperation Group. It obliges identified companies that provide essential services in vital sectors, namely in energy, transport, banking, financial market infrastructures, health, water supply and distribution and digital infrastructures (IXPs, DNS service providers and TLDs name registers), as well as key digital service providers, such as search engines, cloud computing services or online marketplaces, to protect their information technology systems and report major cybersecurity incidents to the national authorities.

The consultation, which will be open until 2 October 2020, seeks opinions and experiences from all interested stakeholders and citizens.

All members of LU-CIX are welcome to participate in the survey:


During the next Luxembourg Internet Days, Ms Svetlana Schuster, Head of Sector for the Implementation and Review of the NIS Directive at DG CONNECT of the European Commission, will update us about the status of the review process and the results of the public consultation.