Supporting the implementation of Union policy and law regarding cybersecurity.

NIS Directive

The NIS Directive (EU 2016/1148) was the first piece of EU-wide cybersecurity legislation. Its goal is to enhance cybersecurity across the EU. The NIS directive was adopted in 2016 and subsequently, because it is an EU directive, every EU member state started to adopt national legislation, which follows or ‘transposes’ the directive. EU directives give EU countries some level of flexibility to take into account national circumstances, to, for example, re-use existing organisational structures or to align with existing national legislation. The national transposition by EU Member States took place on 9 May 2018.

ENISA assists Member States as well as the Cooperation Group in their tasks by:

  • Identifying good practices in the Member States regarding the implementation of the NIS directive;
  • Supporting the EU-wide reporting process for cybersecurity incidents, by developing thresholds, templates and tools;
  • Agreeing on common approaches and procedures;
  • Helping Member States to address common cybersecurity issues.

The EU Commission published a proposal for NIS2 in December 2020. The the main objectives of NIS2 are to cover a larger share of the economy and society by including more sectors, to replace the identification process established in NISD, and to create a higher level of harmonization regarding security requirements and reporting obligations.

ENISA will continue to support the implementation of the NIS directive as part of its mandate and its work programme.

Browse the Topics

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information