A joint statement was issued by Andrus Ansip (EC Vice-President), Dimitrisz Avramopulosz, Julian King and Mariya Gabriel (EU Commissioners) on the first EU-wide legislation on cybersecurity, i.e. the Directive on Security of Network and Information Systems (NIS Directive) that Member States had to implement into national law by 9 May 2018. The aim of the NIS Directive and the efforts in the field of the cybersecurity is to ensure that products and services in the digital world are safe to use.
According to the joint statement, the adaption of the NIS Directive, i.e. the first EU-wide legally binding set of rules on cybersecurity, was a very tangible step forward to increase cybersecurity capacities. Due to the EU cybersecurity law, all of the Member States have to cooperate with each other for a European cybersecurity policy and have to harmonize their efforts to build their response capacities. The European Commission helps and assists to the transpositions of the Member States. To improve the cybersecurity further, the EU should give a strong and permanent mandate to its Agency for Cybersecurity, i.e. the European Union Agency for Network and Information Security (ENISA) and establish an EU framework for cybersecurity certification. The EU should integrate the cybersecurity to the existing crisis management mechanisms at EU level after completion of the joint work on the cooperation in the event of large scale cross-border cybersecurity incidents and crisis with the Member States.
In order to help the Member States to rapidly transpose the NIS Directive and to build their capabilities, the Connecting Europe Facility (CEF) programme is providing €38 million funding until 2020. This funding is to support national Computer Security Incident Response Teams, as well as other NIS Directive stakeholders, such as the operators of essential services and digital service providers. The Member States should use these opportunities given by this funding source to the fullest.