Directive 2016/1148 - Measures for a high common level of security of network and information systems across the Union - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
Contents
official title
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union| Legal instrument | Directive |
|---|---|
| Number legal act | Directive 2016/1148 |
| Original proposal | COM(2013)48  |
| CELEX number i | 32016L1148 |
| Document | 06-07-2016; Date of signature |
|---|---|
| Publication in Official Journal | 19-07-2016; OJ L 194 p. 1-30 |
| Signature | 06-07-2016 |
| Effect | 08-08-2016; Entry into force Date pub. +20 See Art 26 |
| Deadline | 09-05-2019; See Art 23.1 09-05-2021; See Art 23.2 |
| End of validity | 17-10-2024; Repealed by 32022L2555 |
| Transposition | 09-05-2018; Adoption See Art 25.1 10-05-2018; Application See Art 25.1 |
19.7.2016 |
EN |
Official Journal of the European Union |
L 194/1 |
DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 6 July 2016
concerning measures for a high common level of security of network and information systems across the Union
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
Acting in accordance with the ordinary legislative procedure (2),
Whereas:
(1) |
Network and information systems and services play a vital role in society. Their reliability and security are essential to economic and societal activities, and in particular to the functioning of the internal market. |
(2) |
The magnitude, frequency and impact of security incidents are increasing, and represent a major threat to the functioning of network and information systems. Those systems may also become a target for deliberate harmful actions intended to damage or interrupt the operation of the systems. Such incidents can impede the pursuit of economic activities, generate substantial financial losses, undermine user confidence and cause major damage to the economy of the Union. |
(3) |
Network and information systems, and primarily the internet, play an essential role in facilitating the cross-border movement of goods, services and people. Owing to that transnational nature, substantial disruptions of those systems, whether intentional or unintentional and regardless of where they occur, can affect individual Member States and the Union as a whole. The security of network and information systems is therefore essential for the smooth functioning of the internal market. |
(4) |
Building upon the significant progress within the European Forum of Member States in fostering discussions and exchanges on good policy practices, including the development of principles for European cyber-crisis cooperation, a Cooperation Group, composed of representatives of Member States, the Commission, and the European Union Agency for Network and Information Security (‘ENISA’), should be established to support and facilitate strategic cooperation between the Member States regarding the security of network and information systems. For that group to be effective and inclusive, it is essential that all Member States have minimum capabilities and a strategy ensuring a high level of security of network and information systems in their territory. In addition, security and notification requirements should apply to operators of essential services and to digital service providers to promote a culture of risk management and ensure that the most serious incidents are reported. |
(5) |
The existing capabilities are not sufficient to ensure a high level of security of network and information systems within the Union. Member States have very different levels of preparedness, which has led to fragmented approaches across the Union. This results in an unequal level of protection of consumers and businesses, and undermines the overall level of security of network and information systems within the Union. Lack of common requirements on operators of essential services and digital service providers in turn makes it impossible to set up a global and effective mechanism for cooperation at Union level. Universities and research centres have a decisive role to play in spurring research, development and innovation in those areas. |
(6) |
Responding effectively to the challenges of the security of network and information systems therefore requires a global approach at Union level covering... |
More
This text has been adopted from EUR-Lex.
This dossier is compiled each night drawing from aforementioned sources through automated processes. We have invested a great deal in optimising the programming underlying these processes. However, we cannot guarantee the sources we draw our information from nor the resulting dossier are without fault.
This page is also available in a full version containing the summary of legislation, the legal context, de Europese rechtsgrond, other dossiers related to the dossier at hand, the related cases of the European Court of Justice and finally consultations relevant to the dossier at hand.
The full version is available for registered users of the EU Monitor by ANP and PDC Informatie Architectuur.
The EU Monitor enables its users to keep track of the European process of lawmaking, focusing on the relevant dossiers. It automatically signals developments in your chosen topics of interest. Apologies to unregistered users, we can no longer add new users.This service will discontinue in the near future.