According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP).
The NIS Directive sets three primary objectives:
- to improve the national information security capabilities of the Member States;
- to build mutual cooperation at EU level; and
- to promote a culture of risk management and incident reporting among actors (OES and DSP) of importance for the maintenance of key economic and societal activities in the Union.
As part of the NIS series, we have already provided an overview of the Directive, and we have examined in detail the security requirements for DSPs and OES.