Position Paper: Directive on Security of Network and Information Systems across the EU

21 May 2021

In December last year, the Commission proposed a Cybersecurity Package which is an important part of the EU's digital transformation and recovery efforts.

The package consists of one strategic initiative and two legislative proposals:

  • EU Cybersecurity Strategy for the Digital Decade
  • Proposal for a Directive on measures for a high common level of cybersecurity across the Union (‘NIS 2')
  • Proposal for a Directive on the resilience of critical entities (RCE)

In response to the growing regulatory fragmentation within the EU, and the increasing threats posed by the surge in cyber-attacks experienced in recent years, a revised proposal of the Directive (NIS2) was submitted to expand the regulatory scope of the NIS1 Directive.

The scope of the NIS1 Directive was expanded to strengthen the security requirements, address the security of supply chains, streamline reporting obligations, and introduce stricter supervisory and enforcement measures, with the aim of increasing the level of security throughout Europe in the longer term.

CECIMO supports the overall policy approach and security objective of the NIS2 proposal. In that respect, CECIMO developed a position paper on a revised proposal of the Directive NIS 2 to address the scope of the Directive on the manufacturing sector.