Four European Commissioners have issued a statement ahead of the implementation of new EU-wide cybersecurity laws, which must be transposed into national law by next week.
The new EU-wide cybersecurity laws entered into force in August 2016, and member states had 21 months from that point to transpose them into national law. The Directive on Security of Network and Information Systems, also known as the NIS Directive, is the first EU-wide legally binding legislation on cybersecurity.
As the 9 May deadline approaches, four European Commissioners have welcomed the opportunity to boost cybersecurity in the wake of increasing threats from state-sponsored and independent actors. European Commission Vice President Andrus Ansip, alongside commissioners Dimitris Avramopoulos, Julian King and Mariya Gabriel, welcomed the introduction of a common level of security among network and information systems.
What did the commissioners say?
The commissioners called the adoption of the NIS Directive a “turning point” in the EU’s attempts to significantly increase its cybersecurity capacities, across all of the bloc’s member states, and argued that it has increased co-operation between member states.
They said: “Thanks to this first EU cybersecurity law, Member States have strengthened their cooperation for a European cybersecurity policy and are coordinating efforts to build their response capacities”.
The Connecting Europe Facility programme will provide some €38m in funding between now and 2020, to support the transposition of the NIS Directive into national law and support stakeholders, operators of essential services, and digital service providers, and the commissioners encouraged member states to take full advantage of this funding source.
What other efforts is the commission pursuing?
The commissioners also argued the need for additional efforts to be taken on the part of both the European Commission and its member states to further support the new EU-wide cybersecurity laws.
They urged: “To further boost the union’s cybersecurity, the EU should swiftly give a strong and permanent mandate to its Agency for Cybersecurity, the European Union Agency for Network and Information Security (ENISA) and establish an EU framework for cybersecurity certification.”
In addition, they suggested that work on a blueprint for co-operation in the event of a large-scale, cross-border cybersecurity incidents and crises be completed, in a way which would mainstream cyber concerns to existing crisis management mechanisms.