On June 25, 2020, the European Commission (the “EU Commission”) launched a public consultation on the revision of the Directive on Security of Network and Information Systems (the “NIS Directive”). According to the EU Commission, a revision is needed because cybersecurity capabilities in EU Member States remain unequal despite progress made with the NIS Directive, and the level of protection in the EU is insufficient. In addition, the rapid digitalization of society has expanded the threat landscape and presents new challenges requiring adaptive and innovative responses.

According to the consultation document, the review will, among other things: (1) evaluate the functioning of the NIS Directive based on the level of security of network and information systems in Member States, and (2) assess the effectiveness, efficiency, coherence, relevance and value-add of the NIS Directive, taking into account the evolving technological and threat landscape.

The public consultation remains open until August 13, 2020. According to the EU Commission, the review of the NIS Directive will be accelerated so that it is completed by the end of 2020, and will possibly result in the proposal of a new legal act.