The NIS Directive 2016/1148 (Network and Information Security), approved in 2016 and transposed by Legislative Decree No. 65 of 18 May 2018, published in the Official Gazette No. 132 of 9 June 2018 (which then came into force on 24 June 2018), aims to establish measures for the creation of a secure and reliable digital environment in Europe.
Highlights of the NIS Directive
The Directive imposes on the Member States of the European Union the adoption of a series of common and adequate security measures, and obliges them, at the same time, to notify incidents to the national Authority instituted for this purpose. The States will also have to promote the creation of national CSIRTs (Computer Security Incident Response Teams), on the basis of CERT-EU, in order to create a European network dealing with the security of critical networks.
The aim of this legislation is to considerably reduce the risk of incidents in essential services, given that the growing interoperability of services and the exponential increase in the number of devices connected to networks, as well as the increase in cyber threats, are leading to a considerable increase in risks. The aim is also to standardise the security strategy across the various EU countries.
Which categories are targeted?
The NIS Directive and the implementing decree address two categories:
– Essential Service Operators (OES) established in the European Union, i.e. entities, public or private, providing essential services for society and the economy in the areas of health, energy, transport, banking, financial market infrastructure, drinking water supply and distribution, and digital infrastructure.
– Digital Service Providers (DSP), i.e. legal persons providing information society services (e-commerce, social networks, cloud computing, search engines, financial providers); legal persons providing e-commerce, cloud computing or search engine services, with head office, registered office or designated representative in the national territory.
Digital Service Providers with fewer than 50 employees or with a turnover of less than 10 million per year, i.e. small and micro enterprises, are not subject to the regulation.
Omnia fully complies with the NIS Safety Standard
Applications built on our platform have recently undergone an assessment. Omnia brilliantly passed all the tests and fully complies with the NIS Safety Standard.
You can rely on us to handle compliance with European regulations!