Addressing the risk: Policy framework
Directive (EU) 2016/1148 on the Security of Network and Information Systems (the NIS Directive) is the first EU-wide law on cybersecurity, and serves as a basis to ensure a high level of security of network and information systems across the EU.
The European Critical Infrastructure directive introduces a common approach for assessing these infrastructures with the aim of protecting the needs of citizens. The proposal for a directive on the resilience of critical entities intends to create an all-hazards framework to support Member States in ensuring that critical entities are able to prevent, resist, absorb and recover from disruptive incidents.
The rollout of 5G networks will also generate new security risks. To address these concerns, in March 2019 the Commission issued the Recommendation on Cybersecurity of 5G networks, inviting Member States to complete national risk assessments of 5G networks, work together at EU level on a coordinated EU-wide risk assessment, and prepare a toolbox of possible mitigating measures.