The ‘network and information security’ (NIS) directive


The Permanent Representatives Committee (Coreper) of the European Council has endorsed an informal deal with the European Parliament on the ‘network and information security’ (NIS) directive on 7 December. This NIS directive aims at increasing a common high level of digital security in the European Union. In general, the NIS directive tries to do this by improving Member States’ national cybersecurity capabilities and foster more cooperation in this area between Member States.

A secure digital environment

As has been stated by the European Commission, it is of great importance that consumers have trust in a digital environment for a well-functioning Digital Single Market. Since more and more services are offered digitally to consumers and citizens, such as healthcare, social networks and online shopping, it is important, according to the Commission, to fight against cybersecurity incidents. Ecommerce Europe fully supports this general approach and supports the Commission’s aim at creating a safe digital environment, especially for online consumers.

NIS directive: effects on online businesses and e-commerce platforms?

The NIS directive sets out cybersecurity requirements for Member States and certain businesses. Since failure to respond to cybersecurity threats will mean that consumers lose confidence in the digital world and businesses cannot use the full potential of the Digital Single Market, Ecommerce Europe supports the fact that cybersecurity requirements are proposed. However, it is still unclear to what extent online businesses and online e-commerce platforms will be affected and what the exact security- and incident reporting requirements will be for these groups. According to Ecommerce Europe, an administrative and financial burden for online shops should be prevented as much as possible, especially for smaller online businesses.

Next steps

The NIS directive still needs to be formally approved by the Council and then by the European Parliament. The procedure is expected to be finalised in spring 2016.  Ecommerce Europe will be closely following the final stage of negotiations in order to assess potential impacts on the e-commerce sector.