Although the European Union’s Member States have recently completed the transposition of the NIS Directive into national laws, a report by ENISA (The European Union Agency for Network and Information Security) has highlighted the varied nature of these transpositions. The nature of competent authorities, lists of essential services, the notification processes, and obligations with respect to security measures, all vary from country to country.
In this disparate legal landscape, how should Operators of Essential Services (OESs), operating across several EU countries, structure their approach to compliance?
This insight aims to summarize the legislative differences between Member States and sets out possible approaches to compliance for OESs.