The NIS Directive introduces a new framework to guarantee and monitor the cyber-safety of key industries in the Community. Key industries are both the operators of essential services, like energy providers, and the digital services providers, like cloud services providers.
The NIS Directive covers both the setup of control authorities and guidelines for impacted companies.
It imposes the reporting of cyber incidents to competent authorities or a computer security incident response team.
Similarly, to GDPR, fines for not complying will exist.
Even if not mandatory for all industries, Khagan believes this directive is a source of inspiration for the cyber-security policy of any company, especially when analyzing it along GDPR.