
The directive on security of networks and information systems (NISD): One more critical step towards a ‘connected digital single market’ for the EU

Abigail Dubiniecki

Journal of Data Protection & Privacy, 2018, vol. 2, issue 1, 22-33

Abstract: The Directive on the Security of Networks and Information Systems (NISD) is the first EU-wide cybersecurity instrument. It aims to establish a common minimum high level of NIS security across the EU among operators of essential services (OES) within specific sectors — such as electricity, transport, water, energy, health, financial services and telecommunications — as well as digital service providers (DSPs), in order to secure the digital infrastructure that is vital to society and the economy through coordinated intelligence-sharing, capacity-building and cooperation across the EU, and consistent incident detection, reporting and response obligations, and operational risk management approaches. NISD entered into force in August 2016, only months after the General Data Protection Regulation (GDPR). Member states have until 9th May, 2018 to transpose it into their domestic law, and until 9th November, 2018 to identify the OES and DSPs who will be subject to it. Because it is a Directive, there will be variation across the EU. Significantly, an entity may find it is an OES in one member state, but not in another. This variation may raise compliance challenges. NISD is part of the broader EU legislative framework for data protection and cybersecurity that includes the GDPR (which protects personal data), the proposed ePrivacy Regulation (ePr) (which protects the privacy of electronic communications) and the proposed Cybersecurity Act (which will protect the security of information and communications technologies (ICT)). NISD aims to protect the foundational layer — the infrastructure — on which the Digital Single Market depends. Like the GDPR, and the proposed ePr, it is risk-based and outcomes-focused, and has a potentially extraterritorial effect. It comes into effect around the same time as the GDPR, yet has not received the same attention as the GDPR. 
Some entities working towards GDPR compliance, such as telecommunications companies and DSPs, may also be subject to NISD obligations. GDPR and NISD may converge in certain areas, but they are qualitatively different and therefore diverge in others. Entities seeking to comply with both NISD and GDPR should take care to ensure the approaches to both are aligned and streamlined where possible, and would do well to proactively engage with regulators to ensure they are on the right track.

Keywords: cybersecurity; GDPR; data protection; EU law
JEL-codes: K2
Date: 2018
Downloads: (external link)
https://hstalks.com/article/1845/download/ (application/pdf)
https://hstalks.com/article/1845/ (text/html)
Requires a paid subscription for full access.

Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2018:v:2:i:1:p:22-33

More articles in Journal of Data Protection & Privacy from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.

 
Page updated 2025-03-19
Handle: RePEc:aza:jdpp00:y:2018:v:2:i:1:p:22-33