
What is the Network Information Systems Directive (NIS)?

The Network Information Systems Directive (NIS) is part of a wider general cybersecurity regulation applied by the European Commission in 2018. It aims to support international cybersecurity prevention and reaction measures, protecting both the public and more specific critical industries.

History of cybersecurity in the EU

Information security in the European Union has long been a struggle as the individual politics of each country have played a part in how collaborative they have been. While the United States has approached the problem centrally with one US Cybersecurity Agency, the same cannot be said for Europe.

Instead of offering a true open-source environment, certain information has previously been closed off in order to protect the individual interests of each Member State. Furthermore, some countries have not previously had access to a competent authority team for protecting their information system.

Now though, the Network and Information Systems Directive (NIS) has been introduced as the first piece of EU-wide legislation created to standardize the systems and practices used to protect the cyber interests of the EU as a collective. Moreover, it aims to protect the function of every essential service, even while under cyber security attack.

This regulation will ensure that every EU Member State is using the latest methods, e.g. a Computer Security Incident Response Team, to prepare for cyber risks.

Features of NIS

The overarching purpose of NIS is to protect companies inside the EU against cybersecurity infiltration and attack. As the cybersecurity landscape evolved, so too did NIS, with the EU suggesting that it was necessary to implement the Directive “quickly”.

These security measures have been introduced to keep data private and prevent sensitive information from falling into the wrong hands. Where inter-country tensions are currently extremely high in Europe, it will prove incredibly necessary for this EU directive to hold up successfully.

National capabilities

The national capabilities requirement of NIS refers to each individual country overseeing its cybersecurity measures. The securing of networks, information, and systems is important and not just a performative measure; it must be actually implemented. 

One example of this is that every country must establish a national cybersecurity plan. This includes defining what is actually deemed a ‘critical’ situation, as well as providing a process to work through in response to the occurrence of a crisis. The criteria for a crisis being over must also be defined, as well as who has the authority to handle it. 

Cross-border collaboration

The second part of the NIS cybersecurity strategy is cross-border collaboration. This feature refers to the sharing of information and digital infrastructure across the whole of the EU.

Collaboration can become the strongest weapon when averting a crisis situation since computer scientists need as much information as they can get. Furthermore, sharing data allows analysts to spot patterns in an organization and predict future trends (as well as a cyber threat) more easily. 

A couple of the NIS collaboration strategies include having every EU country operating within the CSIRT network and taking part in the strategic NIS cooperation group. They work alongside the Digital Operational Resilience Act, which performs penetration testing in the financial services industry.

Critical sector supervision

The final section of the NIS directive specifies the supervision of critical entities, specific to certain key industries that help European nations function in the case of a cyber incident. These include health, transport, water, energy, and of course, the financial sector.

The regulation requires a national supervision team across these sectors for EU Member States to ensure that best practices are being followed. It works in support of the European Securities and Markets Authority, specifically in the financial services industry.

A recent report found that many of the risks around complying with regulation were centered around a lack of skill and tools. So, this part of the directive enables better cyber resilience and easier identification of any security risk or security incident with an overarching team. 

Who must comply with NIS?

NIS applies to all financial services and adjacent companies since they are considered critical infrastructure industries. This means that as well as following the general framework, NIS compliance includes the cyber assessment framework, which reveals best practices in states of compromised cybersecurity. 

Moreover, financial institutions must follow the ENISA supporting guidance, and publish their own set of cybersecurity resilience measures. This applies to essential services only and aims to protect the personal data of their customers. 

