Network and Information Security (Directive)
cepPolicyBrief

Digital Economy

Network and Information Security (Directive)

Philipp Eckhardt
Philipp Eckhardt

The Directive aims to ensure a minimum level of network and information security. The Commission wants to impose technical requirements and reporting obligations on certain market operators and public authorities. The Member States are to adopt strategies for network and information security. 

cepPolicyBrief

Status

It is appropriate for Member States to take measures to increase the resilience of networks and information systems at international level because the effect of cyber-attacks is becoming increasingly cross-border in nature.

The security measures and reporting obligations are appropriate. The report should provide information about the gap in security which led to the incident.  However the Directive fails to specify minimum criteria for the content of the reports. SMUs should be exempt from the reporting obligation. The establishment of a central national authority is not compatible with the federal structure of the German state.

Download PDF

Network and Information Security COM(2013) 48 (publ. 05.22.2014) PDF 109 KB Download
Network and Information Security COM(2013) 48
Proposal for Directive COM(2013) 48 (publ. 05.22.2014) PDF 213 KB Download