NIS Directive Gets Real After OES Deadline

NIS Directive Gets Real After OES Deadline

The implementation of major EU-wide security legislation took a major leap forward on Friday as the government officially identified the organisations that will be required to comply with the NIS Directive.

Known in full as the directive on the security of network and information systems, the law will be applied slightly differently by each member state.

A key driver for the directive is to improve baseline security among providers of critical infrastructure, known as “operators of essential services” (OES). It will help to do this with GDPR-like maximum fines of £17m or 4% of global annual turnover, and mandatory 72-hour notifications of serious incidents.

By Phil Muncaster

To read the full article click here.