05 October, 2020
ETNO Position Paper on the Review of the NIS Directive
ETNO supports the European Commission’s global approach to cybersecurity reaffirmed in the “Shaping Europe’s Digital Future” communication and welcomes the upcoming revised European Cybersecurity Strategy, including a review of the Directive on security of network and information systems (NIS Directive).
We believe that cybersecurity is of paramount importance, especially with the ongoing digitalisation of the entire society and economy that may be accelerated following the current COVID crisis. When designed, cybersecurity policy should take on board existing EU or international standards and good practices by the industry and acknowledge that there cannot be a one-size-fits-all set of cybersecurity measures. Cybersecurity challenges and measures vary considerably depending on the sector (e.g. critical infrastructures, government etc.), the type of users (consumers vs. enterprises), the types of data etc.
Several telecommunications operators and ETNO members are active across multiple countries in the European single market. Therefore, our industry calls for a legislative framework that provides for a high common level of cybersecurity and legal certainty. A fragmented set of European and national rules would inevitably lead to market distortions and differing security standards.
We would hereby like to point to gaps in the existing NIS Directive and in its implementation, and to recommend possible improvements from the perspective of the already highly regulated telecommunications industry.
The review of the NIS Directive should meet the following key objectives:
- Address all relevant actors, in particular by including vendors of hardware and software in the scope of the reviewed legislation to achieve a more robust, secure and resilient digital value chain;
- Ensure coherence and consistency between different legislative instruments to avoid complexity and redundancy in the application of security requirements, in particular with the provisions of the European Electronic Communications Code, the EU Cybersecurity Act and with new measures on critical infrastructure protection;
- Reduce fragmentation within the Single Market through legislation that provides for a harmonised implementation across Member States, and hence more legal certainty for pan-European operators;
- Expand public private cooperation to raise awareness and build skills and competences that are essential in an increasingly digitalised economy and society.
Read the Position Papaer in full at the link below.