Directive 2016/1148, the NIS or Network and Information Security Directive, was adopted on 6 July 2016 by the Parliament and the Council of the European Union to fill the numerous existing cyber security gaps. This European directive aims to create equivalent rules across the European Union Member States for securing networks and information systems. It should be transposed into internal Member State legislation by 9 May 2018, at the latest.
For businesses constantly confronted with cyber threats and technical failures, the Directive will create a secure cyberspace so that their work may be carried out without risk.
To create a secure online space, a user can warn and give notice of each cybersecurity incident to the competent national bodies, called the “single point of contact” and “competent national authorities”. The Directive thus proposes to create European cooperation mechanisms called the “Cooperation Group” and “Computer Security Incident Response Teams” (CSIRT). Businesses, the main victims of cybercrime, can thus identify, report and solve problems associated with cybersecurity incidents at the national and European levels. However, certain European associations such as the AFDEL (Association Française des Editeurs de Logiciels et de Solutions Internet, or French Association for Software Publishers and Internet Solution) are critical. In their view, mid-sized companies would, where applicable, have to raise funds to finance better network and information systems security, undermining their competitiveness.
Operators of essential services and digital service providers will incur significant obligations vis-à-vis enterprises. The sectors most susceptible to cyber threats (banking, finance, e-commerce) face greater risks with respect to data received and potentially transmitted. That is why they must guarantee better management and prevention of the risks to users.
Finally, a “national strategy” is an important aspect of the Directive. To better evaluate and prevent cyber-attacks, users must be informed of the risks they run. Thus, Member States are subject to digital security reinforcement through new obligations (targeting national strategy actors and evaluating risks). Making users responsible in this way is an element to consider and develop because, despite the hardening of legislation, cybercrime affects more and more businesses.