To meet current and emerging cyber security threats, EU Member States need to constantly develop and adapt their cyber security strategies. National cyber security strategies (NCSS) are the main documents of nation states to set strategic principles, guidelines, and objectives and in some cases specific measures in order to mitigate risk associated with cyber security.

In order to strengthen critical infrastructure against various threats and to uphold the trust of the EU citizens, the European Commission has proposed the Network and Information Security Directive (NIS Directive) in 2013.

In December 2015, the European Parliament and the Council reached an agreement on the Commission’s proposal. The European Parliament adopted the final Directive in July 2016 and it entered into force in August 2016.

The aim of the NIS Directive is to improve the EU Member States’ national cybersecurity capabilities, enhancing the cooperation between the Member States, the public and the private sector, while also requiring companies in critical sectors to report major incidents to national authorities and to adopt risk management practices.

One of the main provisions of the NIS Directive requires EU Member States to develop and adopt a national cyber security strategy (NCSS).  ENISA is supporting the efforts of EU Member States since 2012 by providing guidelines on how to develop, implement and update NCSS, analysing existing strategies and outlining good practices.

ENISA’s work on NCSS includes:

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information