This morning, Alston & Bird partner Jim Harvey issued an Advisory on the EU’s forthcoming Network Information Security Directive (“NIS Directive”). National laws passed to implement the NIS Directive will impose substantial new compliance responsibilities on providers of “essential services,” as well as on a broad range of “digital service providers”—potentially even if a digital service provider’s only EU presence is a website. Companies subject to the NIS Directive will be obligated to implement internal cybersecurity measures. Moreover, the NIS Directive establishes yet another EU-wide breach notification requirement for in-scope entities—a requirement that potentially overlaps with other breach-reporting requirements already existing under other EU legislation.
The Advisory details the scope and requirements of the NIS Directive. It also provides a side-by-side comparison of breach notification requirements under different EU legal acts so companies can see the potential for overlapping notifications—and consider the advantages of planning breach-response processes well in advance of any incident.
The Advisory can be found on our website at: www.alston.com/advisories/eu-data-security
Alston & Bird’s Cybersecurity Preparedness and Response Team is firmly grounded on both sides of the Atlantic. More information on the Team—as well as further publications—is available here.