U.S. Companies Unaware Of EU Cybersecurity Regulations

U.S. companies have been abuzz about compliance requirements with the European Union’s (EU) Global Data Protection Regulation (GDPR), which became effective May 25, 2018. The GDPR was so scary because the enforcement provisions allowed fines up to 2-4% of total global turnover. U.S. businesses are largely unaware, however, of the EU’s regulatory actions on cybersecurity, particularly the Directive on Security of Network and Information Systems, known as the NIS Directive.

The Directive became effective August 9, 2016, and it empowers EU Member States to regulate – and enforce – cybersecurity requirements for a large number of companies. It was followed by a Communication from the Commission to the European Parliament and the Council (“Communication on NIS Directive”), which includes an Annex and is intended to help Member States implement the NIS Directive. 

Although the EU has dominated the privacy issue since its 1995 Data Protection Regulation, the U.S. seized global leadership on cybersecurity in 2001 when President Clinton established the President’s Critical Infrastructure Protection Board via Executive…
