Process to update EU network and information security directive progresses

Ministry of Transport and Communications
Publication date 21.12.2021 12.55
Press release
The paramedic looks at the display terminal in the ambulance. (Photo: Mika Pakarinen, Keksi / LVM)
The paramedic looks at the display terminal in the ambulance. (Photo: Mika Pakarinen, Keksi / LVM)

The work on updating the Directive on security of networks and information systems of the European Union (NIS Directive) is progressing. The Directive will be updated in response to the new kind of cyber environment. The Finnish Government supports the proposal for the Directive as it is at present and points out that, during the Council deliberations, the proposal has for the most part progressed in line with Finland's positions.

On 20 December 2021, the Government submitted a statement to Parliament on the progress made with respect to the Commission proposal and the next steps in the process.

The proposed Directive would repeal the first EU network and information security directive. Its objective is to improve the level of cybersecurity both in the EU as a whole and in Member States in terms of critical sectors and operators.

The proposal sets out risk management obligations for critical sectors of society to strengthen cyber security and obligations to report on cyber incidents. The proposal would harmonise the cyber security and reporting obligations and extend the scope of application to new sectors and operators, including public administration, the food sector and waste management. It would also continue the existing cooperation mechanisms and strengthen the cooperation.

Finland has been active during the processing of the proposal in line with the positions presented in the Union communication of 11 February 2021. A general approach on the content of the Directive was confirmed at the EU Telecommunications Council on 3 December 2021. The proposal is in line with Finland's policies and measures concerning information security and data protection.

The Commission's proposal is an important part of the new EU Cyber Security Strategy adopted in December 2020 and its objectives.

What's next?

The negotiations on the proposal for the Directive will continue next year with the European Parliament.


Marième Korhonen, Senior Specialist, tel. +358 50 535 0433, [email protected], Twitter: @MariemeKorhonen

Mari Starck, Director of Unit, tel. +358 50 478 1164, [email protected]