The new EU cybersecurity framework: The NIS Directive, ENISA's role and the General Data Protection Regulation

Dimitra Markopoulou; Vagelis Papakonstantinou; Paul de Hert

doi:10.1016/j.clsr.2019.06.007

The new EU cybersecurity framework: The NIS Directive, ENISA's role and the General Data Protection Regulation

Dimitra Markopoulou, Vagelis Papakonstantinou, Paul de Hert

TILT

Research output: Contribution to journal › Article › Scientific › peer-review

682 Downloads (Pure)

Abstract

The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive's addressees particularly with regard to their compliance obligations as well as Member States’ obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU's General Data Protection Regulation

Original language	English
Article number	105336
Pages (from-to)	1-11
Number of pages	11
Journal	Computer Law and Security Review
Volume	35
Issue number	6
DOIs	https://doi.org/10.1016/j.clsr.2019.06.007
Publication status	Published - Nov 2019

Keywords

Cybersecurity
ENISA
EU data protection
NIS Directive

Access to Document

10.1016/j.clsr.2019.06.007

pdh19&dmvp The NIS Directive, ENISA’s roleProof, 507 KBLicence: Other

Regulating Socio-Technical Change
Bex, F., Bijlmakers, S., Borowicz, K., Broer, T., Cuijpers, C., Delimatsis, P., Geradin, D., Goossens, J., Graef, I., Groenleer, M., Hancher, L., Kaufmann, W., Kempeneer, S., Keymolen, E., Koops, B., Kosta, E., Krupiy, T., Lavrijssen, S., Leenes, R., Martin, A., Monti, G., Noorman, M., Partiti, E., Pierce, R., Purtova, N., Reins, L., Ruiz Feases, A., Schellekens, M., Stuurman, K., Taylor, L., Wolswinkel, J., Zhao, B., de Hert, P., van der Sloot, B., Mendis, S., Pernot-LePlay, E., Tombal, T., Kamara, I., Dalla Corte, L., de Souza, S., Baumgart, M., Meyers, G., Prins, C., Moerel, L., van Maanen, G., Bassini, M. & Bostoen, F.
1/01/19 → 31/12/24
Project: Research project

Cite this

@article{c7739e49d62a46b1993f5dae81125ce6,

title = "The new EU cybersecurity framework: The NIS Directive, ENISA's role and the General Data Protection Regulation",

abstract = "The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive's addressees particularly with regard to their compliance obligations as well as Member States{\textquoteright} obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU's General Data Protection Regulation",

keywords = "Cybersecurity, ENISA, EU data protection, NIS Directive",

author = "Dimitra Markopoulou and Vagelis Papakonstantinou and {de Hert}, Paul",

year = "2019",

month = nov,

doi = "10.1016/j.clsr.2019.06.007",

language = "English",

volume = "35",

pages = "1--11",

journal = "Computer Law and Security Review",

issn = "0267-3649",

publisher = "ELSEVIER ADVANCED TECHNOLOGY",

number = "6",

}

TY - JOUR

T1 - The new EU cybersecurity framework

T2 - The NIS Directive, ENISA's role and the General Data Protection Regulation

AU - Markopoulou, Dimitra

AU - Papakonstantinou, Vagelis

AU - de Hert, Paul

PY - 2019/11

Y1 - 2019/11

N2 - The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive's addressees particularly with regard to their compliance obligations as well as Member States’ obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU's General Data Protection Regulation

AB - The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive's addressees particularly with regard to their compliance obligations as well as Member States’ obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU's General Data Protection Regulation

KW - Cybersecurity

KW - ENISA

KW - EU data protection

KW - NIS Directive

U2 - 10.1016/j.clsr.2019.06.007

DO - 10.1016/j.clsr.2019.06.007

M3 - Article

SN - 0267-3649

VL - 35

SP - 1

EP - 11

JO - Computer Law and Security Review

JF - Computer Law and Security Review

IS - 6

M1 - 105336

ER -

The new EU cybersecurity framework: The NIS Directive, ENISA's role and the General Data Protection Regulation

Abstract

Keywords

Access to Document

Fingerprint

Projects

Regulating Socio-Technical Change

Cite this