1. Introduction
In the last years, cybersecurity has become one of the European Commission’s critical priorities. Given that the landscape of threats has significantly expanded, it comes as no surprise that the Commission has proposed a revised version (the “Proposal”) of the Directive concerning measures for a high common level of security of network and information systems across the Union1 (“NIS Directive”).
In one of our previous articles2, we have touched upon the issue of the potential amendments to NIS Directive. The most important novelties are summarised below.
The Proposal has been published by the Commission on December 16, 2020 and has now reached the preparatory phase in the European Parliament. A final version might be adopted in the earlier months of 2021.
2. What are the changes?
We think that the aspects listed below are of the utmost importance.
2.1. Changes in scope: new entities and sectors covered by the Proposal
The NIS Directive contains distinct rules for operators of essential services (“OESs”) and for digital services providers (“DSPs”). Although guidance on how to identify the entities that qualify as OESs has been published, the…