{"id":16638,"date":"2021-09-21T18:30:00","date_gmt":"2021-09-21T17:30:00","guid":{"rendered":"http:\/\/riskinsight-prepro.s189758.zephyr32.atester.fr\/?p=16638"},"modified":"2021-10-04T10:25:32","modified_gmt":"2021-10-04T09:25:32","slug":"en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/","title":{"rendered":"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States&#8230;toward convergence ?"},"content":{"rendered":"\n<p style=\"text-align: justify;\">The <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/HTML\/?uri=CELEX:32016L1148\"><em>Network and Information System Security &#8211; (UE) 2016\/1148<\/em><\/a> directive, commonly referred to as <strong>NIS<\/strong>, \u00a0was a European directive adopted by the European parliament on July, 6<sup>th<\/sup> , 2016. It has been transposed by member states into their national legislations until May 9<sup>th<\/sup>, 2018. In the United Kingdom, the NIS requirements have been included in <a href=\"https:\/\/www.legislation.gov.uk\/uksi\/2018\/506\/pdfs\/uksi_20180506_en.pdf\">The Network and Information Systems Regulation<\/a>\u00a0 which came \u00a0into force on May 10<sup>th<\/sup>, 2018 and \u00a0the <a href=\"https:\/\/www.legislation.gov.uk\/uksi\/2020\/1245\/pdfs\/uksi_20201245_en.pdf\">The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations<\/a> \u00a0came into force on December 31<sup>st<\/sup>, 2020.<\/p>\n<p style=\"text-align: justify;\">The NIS directive is the <strong>first initiative of EU-wide legislation on cybersecurity<\/strong>. Its goal is to <strong>ensure a high and common level of security for European information systems and networks<\/strong>. To achieve this objective the directive focuses on four key points:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Consolidating the member states\u2019 <strong>national cybersecurity capabilities<\/strong><\/li>\n<li>Creating a <strong>political and organizational cooperation framework<\/strong> on cybersecurity across the EU,<\/li>\n<li>Ensuring the cybersecurity of <strong>operators of essential services<\/strong> (OES). OES are private or public entities <strong>providing essential services for the maintenance of economic and societal activities<\/strong>. The provision of these services <strong>depends on network and information systems<\/strong>.<\/li>\n<li>Ensuring the cybersecurity of <strong>digital service providers<\/strong> (DSP). DSPs are defined as \u201c<em>any service normally provided for remuneration, at a distance by electronic means and at the individual request of a recipient of services<\/em>\u201d<a href=\"#_ftn1\" name=\"_ftnref1\">[1]<\/a>. Three types of services are mentioned in the NIS Directive: <strong>Cloud computing services<\/strong>, <strong>online marketplace<\/strong> and <strong>online search engines<\/strong>.<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">On the one hand, the security of operators of essential services is a <strong>sovereign prerogative of states while on<\/strong>n the other hand, the role of the EU is to ensure the <strong>proper functioning of the European market<\/strong>. In order to reconcile these two objectives, the NIS directive clearly states that: \u201c<em>This Directive should be without prejudice to the possibility for each Member State to take the necessary measures to ensure the protection of the <strong>essential interests of its security<\/strong>, to <strong>safeguard public policy<\/strong> and <strong>public security<\/strong>, and to allow for the investigation, detection and prosecution of criminal offences.\u201d<\/em><a href=\"#_ftn2\" name=\"_ftnref2\"><em><strong>[2]<\/strong><\/em><\/a><em>.<\/em> Each country can <strong>therefore adapt the legislative text to fit its priorities and strategic objectives<\/strong> as well as to guarantee its security and that of its networks and information systems. The NIS directive, however, sets <strong>common requirements<\/strong> in terms of; <strong>transposition of the directive into national legislation<\/strong>, of <strong>sectors concerned<\/strong>, of <strong>risk identification<\/strong>, of <strong>supervision<\/strong>, of <strong>implementation of technical and organisational measures<\/strong>, of <strong>cyber incident notification<\/strong>, and of <strong>sanctions in case of non-compliance<\/strong>.<\/p>\n<p style=\"text-align: justify;\">This analysis brings together elements on the transposition of the NIS directive in each of the <strong>27 member states<\/strong> of the European Union, as well as in the <strong>United-Kingdom<\/strong> and <strong>Switzerland<\/strong>. It highlights the various approaches and underlines the similarities and differences between countries, especially in the context of the upcoming evolution of the legislative text. Indeed, a <strong>proposal to revise the NIS directive<\/strong> has been adopted by the European Commission in December 2020 and <strong>aims at replacing the original text<\/strong>.<\/p>\n<h1 style=\"text-align: justify;\">An achieved transposition for certain themes\u2026<\/h1>\n<p><strong>Different types and numbers of legislative texts to transpose the NIS<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-16866 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image1-3-437x82.png\" alt=\"\" width=\"437\" height=\"82\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image1-3-437x82.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image1-3-71x13.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image1-3-768x144.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image1-3.png 1526w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/p>\n<p style=\"text-align: justify;\"><strong>The transposition of the NIS occurred in all the national legislations of EU member states. <\/strong>However, there is <strong>heterogeneity in the type of legislative text adopted<\/strong>. In most countries, the transposition takes the form of a <strong>law<\/strong> (<strong>twenty-two countries<\/strong>), to which <strong>thirteen countries<\/strong> have added <strong>at least on other legislative text<\/strong> (ordinance, decree, regulation, amendment or ministerial decision). In <strong>two countries,<\/strong> the transposition took place in <strong>each sectoral law<\/strong> which increases the number of legislative texts (<strong>four texts or more<\/strong>).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-16878 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image7-3-418x191.png\" alt=\"\" width=\"499\" height=\"228\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image7-3-418x191.png 418w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image7-3-71x32.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image7-3-768x351.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image7-3-1536x701.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image7-3.png 1818w\" sizes=\"auto, (max-width: 499px) 100vw, 499px\" \/><\/p>\n<p><strong>A general implementation of cyber incident notification processes<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-16868 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image2-3-437x105.png\" alt=\"\" width=\"437\" height=\"105\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image2-3-437x105.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image2-3-71x17.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image2-3-768x185.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image2-3.png 1152w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/p>\n<p style=\"text-align: justify;\"><strong>All countries <\/strong>managed to implement cyber incident notification processes. Once again, there are various approaches depending on the country.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-16880 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image8-3-400x191.png\" alt=\"\" width=\"457\" height=\"218\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image8-3-400x191.png 400w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image8-3-71x34.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image8-3-768x367.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image8-3-1536x734.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image8-3.png 1934w\" sizes=\"auto, (max-width: 457px) 100vw, 457px\" \/><\/p>\n<p style=\"text-align: justify;\">There are six different procedures for transmitting alerts during a cyber incident:<\/p>\n<ul style=\"text-align: justify;\">\n<li>In the first case (<strong>nine countries<\/strong>), the operator of essential services must first notify the <strong>competent national authority<\/strong> of the occurrence of a cyber incident,<\/li>\n<li>A second process (<strong>ten countries<\/strong>) exists in which the first point of contact is the <strong>CSIRT<\/strong>, the <strong>Computer Security Incident Response Team<\/strong>, also called <strong>CERT<\/strong> (Computer Emergency Response Team),<\/li>\n<li>In a lower number of cases (<strong>three countries<\/strong>), the OES must notify the <strong>competent sectoral authority<\/strong>,<\/li>\n<li>The notification of cyber incident is carried out via a <strong>secure platform<\/strong> in <strong>four countries<\/strong>.<\/li>\n<li>Even less frequently (<strong>two countries<\/strong>), the <strong>single point of contact<\/strong> (SPOC) has to be alerted.<\/li>\n<li>Finally, for one country (Hungary), the OES alerts an <strong>event management centre<\/strong>.<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">In addition,<strong> all member states<\/strong> must notify the <strong>point of contact of a member state,<\/strong> if it is also affected by the cyber incident, and must inform the <strong>public<\/strong> when necessary.<\/p>\n<p><strong>To comply with the constraints imposed by the NIS, certain states have even gone further<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-16870 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image3-3-437x103.png\" alt=\"\" width=\"437\" height=\"103\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image3-3-437x103.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image3-3-71x17.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image3-3-768x181.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image3-3.png 1340w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/p>\n<p style=\"text-align: justify;\">The NIS directive initially applies to the following sectors: <strong>transport, energy, health, drinking water, banking, finance, <\/strong>and<strong> digital<\/strong>. In the transposition, more <strong>than half of the analysed countries<\/strong> added other essential <strong>sectors and sub-sectors<\/strong> in addition to the seven previously mentioned. They are listed below, sorted by frequency of occurrence\u00a0:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Austria, Croatia, Cyprus, Lithuania, Malta, Slovakia, Spain and Switzerland also mention<strong> public administration<\/strong>,<\/li>\n<li>Cyprus, Estonia, Germany, Lithuania, the Netherlands, Slovakia, Spain and Switzerland add <strong>information and communication technologies<\/strong> and <strong>IT<\/strong>.<\/li>\n<li>Estonia, France, Germany, Hungary, Lithuania, Slovenia, Spain, Switzerland add<\/li>\n<li>The Czech Republic, Lithuania, the Netherlands, Spain complete the list with <strong>industry<\/strong>.<\/li>\n<li>Estonia, Germany and Switzerland also mention <strong>heating and housing<\/strong>.<\/li>\n<li>Lithuania and Slovakia subjoin <strong>defence<\/strong>, Switzerland <strong>national security<\/strong>.<\/li>\n<li>Lithuania and Slovenia add the <strong>protection of the environment<\/strong>.<\/li>\n<li>France is the only one to add <strong>education<\/strong>.<\/li>\n<li>Spain is the only one to mention <strong>space<\/strong> and <strong>research centres<\/strong>.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-16882 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image9-3-392x191.png\" alt=\"\" width=\"443\" height=\"216\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image9-3-392x191.png 392w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image9-3-71x35.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image9-3-768x374.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image9-3-1536x749.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image9-3.png 1908w\" sizes=\"auto, (max-width: 443px) 100vw, 443px\" \/><\/p>\n<h1 style=\"text-align: left;\">\u2026 However, the variation needs to be finalized on other themes.<\/h1>\n<p><strong>Strong disparities on state supervision<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-16876 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image6-3-437x103.png\" alt=\"\" width=\"437\" height=\"103\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image6-3-437x103.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image6-3-71x17.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image6-3-768x181.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image6-3.png 1238w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/p>\n<p style=\"text-align: justify;\">Several categories and different levels of control are exercised by authorities to certify compliance with the NIS. The strong disparities concern in particular the <strong>authorities ensuring the control<\/strong> (national or sectoral authority) as well as the <strong>expected level of control<\/strong> (supervision, inspection, audit, evaluation\u2026): there is <strong>no consensus<\/strong> around the process to adopt. Moreover, <strong>six countries<\/strong> <strong>do not provide any information <\/strong>on the type of supervision implemented.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-16884 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image10-3-433x191.png\" alt=\"\" width=\"526\" height=\"232\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image10-3-433x191.png 433w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image10-3-71x31.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image10-3-768x338.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image10-3-1536x677.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image10-3.png 1906w\" sizes=\"auto, (max-width: 526px) 100vw, 526px\" \/><\/p>\n<p><strong>Heterogeneous level and diffusion of security measures<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-16872 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image4-3-437x100.png\" alt=\"\" width=\"437\" height=\"100\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image4-3-437x100.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image4-3-71x16.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image4-3-768x176.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image4-3.png 1381w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/p>\n<p style=\"text-align: justify;\">Except for <strong>six countries<\/strong> for which no information has been given on the type of security measures implemented, there are two main approaches:<\/p>\n<ul style=\"text-align: justify;\">\n<li>The security measures are directly mentioned in the <strong>body of the legislative text(s)<\/strong> transposing the NIS (<strong>eleven countries<\/strong>),<\/li>\n<li>They are enumerated in; a <strong>guide<\/strong>, a <strong>list of recommendations<\/strong>, an <strong>online publication<\/strong> and established by <strong>different entities<\/strong> (government, regulation, decree\u2026) in <strong>twelve countries<\/strong>.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-16886 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image11-3-386x191.png\" alt=\"\" width=\"453\" height=\"224\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image11-3-386x191.png 386w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image11-3-71x35.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image11-3-768x380.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image11-3-1536x759.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image11-3.png 1726w\" sizes=\"auto, (max-width: 453px) 100vw, 453px\" \/><\/p>\n<p style=\"text-align: justify;\">For the measures included in the body of the legislative text(s), there are <strong>similarities<\/strong> on their organisation:<\/p>\n<ul style=\"text-align: justify;\">\n<li>The <strong>international norm ISO27001<\/strong> and the <strong>cybersecurity framework NIST<\/strong> are used as models to establish the security measures in respectively <strong>four and two countries<\/strong>.<\/li>\n<li>The same <strong>six categories<\/strong> (security of systems and installations, handling of incidents, business continuity management\u2026) are used in <strong>four countries<\/strong>.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-16888 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image12-3-395x191.png\" alt=\"\" width=\"437\" height=\"211\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image12-3-395x191.png 395w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image12-3-71x34.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image12-3-768x371.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image12-3-1536x743.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image12-3.png 1772w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/p>\n<p><strong>Different amount and format of penalties<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-16874 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image5-3-437x101.png\" alt=\"\" width=\"437\" height=\"101\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image5-3-437x101.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image5-3-71x16.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image5-3-768x178.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image5-3.png 1211w\" sizes=\"auto, (max-width: 437px) 100vw, 437px\" \/><\/p>\n<p style=\"text-align: justify;\">The financial penalty for not complying with the directive varies in the different countries and can range from <strong>less than a 100k<\/strong><strong>\u20ac to 20M<\/strong><strong>\u20ac maximum<\/strong> (except for Finland which has not implemented any sanctions). Most countries have chosen to apply a fine of <strong>less than 200k<\/strong><strong>\u20ac<\/strong> (<strong>eighteen countries<\/strong>) whereas <strong>four countries<\/strong> have decided that the maximum should be <strong>beyond 1M<\/strong><strong>\u20ac<\/strong>. It should also be noted that the sanctions are likely to <strong>accumulate in the event of<\/strong> <strong>multiple non-conformities<\/strong>, which does not make the <strong>overall maximum amount of a sanction<\/strong> a certainty.<\/p>\n<p style=\"text-align: justify;\"><strong>Imprisonment sentences<\/strong> have been implemented in <strong>two countries<\/strong> (Belgium and Cyprus).<\/p>\n<p style=\"text-align: justify;\">Finally, <strong>four countries<\/strong> have not yet communicated the penalties in case of non-compliance.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-16890 aligncenter\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image13-3-372x191.png\" alt=\"\" width=\"448\" height=\"230\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image13-3-372x191.png 372w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image13-3-71x36.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image13-3-768x394.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image13-3-1536x788.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/Image13-3.png 1770w\" sizes=\"auto, (max-width: 448px) 100vw, 448px\" \/><\/p>\n<h1 style=\"text-align: justify;\"><strong>Conclusion<\/strong><\/h1>\n<p style=\"text-align: justify;\">The goal of the NIS directive was to <strong>address the unequal levels of security of networks and information systems<\/strong> within the European Union. To achieve it, it has now been transposed in <strong>all the member states<\/strong>. This has led to the <strong>creation of a common security framework<\/strong> while also leaving the possibility for states to ensure <strong>their security and the protection of their essential and strategic interests<\/strong>. Indeed, <strong>each country designates its operators of essential services<\/strong> and <strong>chooses the sectors it deems the most strategic to protect<\/strong>. In addition, the transposition of the directive as well as the supervision and cyber incident notification processes are carried out by the <strong>authority deemed competent. This is non dependant<\/strong>whether <strong>national<\/strong> or <strong>sectoral<\/strong>, whether it is the <strong>CSIRT<\/strong> or the <strong>single point of contact<\/strong>. This flexibility makes it possible for the NIS to adapt to the organisation of all member states. There are <strong>visible similarities<\/strong> creating groupings between the countries, as well as <strong>major dissimilarities.<\/strong> These leave room for many variations and make the comparison relevant and rich.<\/p>\n<p style=\"text-align: justify;\">A <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:52020PC0823\">proposal to revise the NIS directive<\/a> \u00a0was adopted in December 2020, but its provisional calendar has not yet been communicated. However, its main objectives has \u00a0been listed and includes <strong>reaching a higher level of cybersecurity and more homogeneous processes<\/strong> within the EU, while further <strong>increasing the cooperation between member states<\/strong>. The revision of the NIS directive revolves around;<\/p>\n<ul style=\"text-align: justify;\">\n<li>the <strong>abandonment of the distinction between OES and DSPs<\/strong><\/li>\n<li>the <strong>designation of OES by the Directive and not the states<\/strong><\/li>\n<li>the <strong>creation of a new European network for major cyber incidents<\/strong><\/li>\n<li><strong>imposition of CSIRTs supportive of entities<\/strong>,<\/li>\n<li>the <strong>control by the states of the technical and organisational measures implemented<\/strong> (for risk analysis and crisis management).<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">These changes will be detailed further in a new article.<\/p>\n<p>\u00a0<\/p>\n<h3 style=\"text-align: justify;\">Sources\u00a0:<\/h3>\n<p style=\"text-align: justify;\">Directive Network and Information System &#8211; Article ANSSI Link: <a style=\"font-size: revert;\" href=\"https:\/\/www.ssi.gouv.fr\/entreprise\/reglementation\/directive-nis\/\">Link to the article on NIS Directive<\/a><\/p>\n<p style=\"text-align: justify;\">Directive (EU) 2016\/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union Link : <a style=\"font-size: revert;\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/FR\/TXT\/HTML\/?uri=CELEX:32016L1148\">Link to the NIS Directive<\/a><\/p>\n<p style=\"text-align: justify;\">On Digital Service Providers (DSPs) \u2013 ANSSI Article \u2013 May 23rd 2018 Link : <a style=\"font-size: revert;\" href=\"https:\/\/www.ssi.gouv.fr\/entreprise\/reglementation\/directive-nis\/faq-des-fournisseurs-de-service-numerique-fsn\/#:~:text=La%20directive%20NIS%20d%C3%A9finit%20le,'un%20destinataire%20de%20services%20%C2%BB\">Link to the article on DSPs<\/a><\/p>\n<p style=\"text-align: justify;\">On Operators of Essential Services (OES) \u2013 ANSSI Article Link : <a style=\"font-size: revert;\" href=\"https:\/\/www.ssi.gouv.fr\/entreprise\/reglementation\/directive-nis\/faq-operateurs-de-services-essentiels-ose\/#:~:text=Qu'est%2Dce%20qu',%C3%A9conomie%20ou%20de%20la%20soci%C3%A9t%C3%A9\">Link to the article on OES<\/a><\/p>\n<p style=\"text-align: justify;\">Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on measures for a high common level of cybersecurity across the Union, repealing Directive (EU) 2016\/1148 Link: <a style=\"font-size: revert;\" href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:52020PC0823\">Link to the proposal of the revised NIS Directive<\/a><\/p>\n<p style=\"text-align: justify;\"><a href=\"#_ftnref1\" name=\"_ftn1\">[1]<\/a> Directive (EU) 2015\/1535 of the European Parliament and of the Council of 9 September 2015.<\/p>\n<p style=\"text-align: justify;\"><a href=\"#_ftnref2\" name=\"_ftn2\">[2]<\/a> Directive (UE) 2016\/1148 of the European Parliament and of the Council of 6 July 2016.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Network and Information System Security &#8211; (UE) 2016\/1148 directive, commonly referred to as NIS, \u00a0was a European directive adopted by the European parliament on July, 6th , 2016. It has been transposed by member states into their national legislations&#8230;<\/p>\n","protected":false},"author":1325,"featured_media":16665,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3271,3977],"tags":[2894,3356,2807],"coauthors":[3049,3982],"class_list":["post-16638","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digital-compliance-en","category-focus","tag-european-directive","tag-nis-en","tag-regulation"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>While preparing the NIS 2, update of the European overview of NIS transposition by the Member States...toward convergence ? - RiskInsight<\/title>\n<meta name=\"description\" content=\"The NIS was a European directive adopted by the European parliament on July, 6th , 2016. It has been transposed by member states into their national legislations until May 9th, 2018. In the United Kingdom, the NIS requirements have been included in The Network and Information Systems Regulation which came into force on May 10th, 2018 and the The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations came into force on December 31st, 2020.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States...toward convergence ? - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"The NIS was a European directive adopted by the European parliament on July, 6th , 2016. It has been transposed by member states into their national legislations until May 9th, 2018. In the United Kingdom, the NIS requirements have been included in The Network and Information Systems Regulation which came into force on May 10th, 2018 and the The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations came into force on December 31st, 2020.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-21T17:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-04T09:25:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"845\" \/>\n\t<meta property=\"og:image:height\" content=\"562\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Nicolas Lefebvre\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicolas Lefebvre\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/\"},\"author\":{\"name\":\"Nicol4sVanThieghem\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/6a166ed77a930951307e431880e76a80\"},\"headline\":\"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States&#8230;toward convergence ?\",\"datePublished\":\"2021-09-21T17:30:00+00:00\",\"dateModified\":\"2021-10-04T09:25:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/\"},\"wordCount\":1721,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg\",\"keywords\":[\"European directive\",\"NIS\",\"regulation\"],\"articleSection\":[\"Digital Compliance\",\"Focus\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/\",\"name\":\"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States...toward convergence ? - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg\",\"datePublished\":\"2021-09-21T17:30:00+00:00\",\"dateModified\":\"2021-10-04T09:25:32+00:00\",\"description\":\"The NIS was a European directive adopted by the European parliament on July, 6th , 2016. It has been transposed by member states into their national legislations until May 9th, 2018. In the United Kingdom, the NIS requirements have been included in The Network and Information Systems Regulation which came into force on May 10th, 2018 and the The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations came into force on December 31st, 2020.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg\",\"width\":845,\"height\":562},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States&#8230;toward convergence ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/6a166ed77a930951307e431880e76a80\",\"name\":\"Nicol4sVanThieghem\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/nicol4svanthieghem\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States...toward convergence ? - RiskInsight","description":"The NIS was a European directive adopted by the European parliament on July, 6th , 2016. It has been transposed by member states into their national legislations until May 9th, 2018. In the United Kingdom, the NIS requirements have been included in The Network and Information Systems Regulation which came into force on May 10th, 2018 and the The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations came into force on December 31st, 2020.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/","og_locale":"en_US","og_type":"article","og_title":"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States...toward convergence ? - RiskInsight","og_description":"The NIS was a European directive adopted by the European parliament on July, 6th , 2016. It has been transposed by member states into their national legislations until May 9th, 2018. In the United Kingdom, the NIS requirements have been included in The Network and Information Systems Regulation which came into force on May 10th, 2018 and the The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations came into force on December 31st, 2020.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/","og_site_name":"RiskInsight","article_published_time":"2021-09-21T17:30:00+00:00","article_modified_time":"2021-10-04T09:25:32+00:00","og_image":[{"width":845,"height":562,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg","type":"image\/jpeg"}],"author":"Nicolas Lefebvre","twitter_misc":{"Written by":"Nicolas Lefebvre","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/"},"author":{"name":"Nicol4sVanThieghem","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/6a166ed77a930951307e431880e76a80"},"headline":"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States&#8230;toward convergence ?","datePublished":"2021-09-21T17:30:00+00:00","dateModified":"2021-10-04T09:25:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/"},"wordCount":1721,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg","keywords":["European directive","NIS","regulation"],"articleSection":["Digital Compliance","Focus"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/","name":"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States...toward convergence ? - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg","datePublished":"2021-09-21T17:30:00+00:00","dateModified":"2021-10-04T09:25:32+00:00","description":"The NIS was a European directive adopted by the European parliament on July, 6th , 2016. It has been transposed by member states into their national legislations until May 9th, 2018. In the United Kingdom, the NIS requirements have been included in The Network and Information Systems Regulation which came into force on May 10th, 2018 and the The Network and Information Systems (Amendment and Transitional Provision etc.) Regulations came into force on December 31st, 2020.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/09\/european.jpg","width":845,"height":562},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/09\/en-pleine-preparation-de-la-nis-v2-mise-a-jour-du-tour-dhorizon-europeen-de-transposition-de-la-directive-nis-par-les-etats-membres-vers-une-convergence\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"While preparing the NIS 2, update of the European overview of NIS transposition by the Member States&#8230;toward convergence ?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/6a166ed77a930951307e431880e76a80","name":"Nicol4sVanThieghem","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/nicol4svanthieghem\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/16638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/1325"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=16638"}],"version-history":[{"count":8,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/16638\/revisions"}],"predecessor-version":[{"id":16893,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/16638\/revisions\/16893"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/16665"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=16638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=16638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=16638"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=16638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}