# Directive 2016/1148

# Acronyms, Abbreviations, and Initialisms

Short Form Full Form
CSIRT Computer Security Incident Response Team
EEA European Economic Area
ENISA European Union Agency for Cybersecurity
EU European Union
NIS Network and Information Security

# Overview

Directive 2016/1148, also known as the "NIS Directive", is the first piece of EU-wide cybersecurity legislation. The goal is to enhance cybersecurity across the EU. The NIS directive was adopted in 2016 and subsequently, because it is an EU directive, every EU member state has started to adopt national legislation, which follows or "transposes" the directive.

The NIS Directive has three parts:

  1. National capabilities: EU Member States must have certain national cybersecurity capabilities of the individual EU countries, e.g. they must have a national CSIRT, perform cyber exercises, etc.
  2. Cross-border collaboration: Cross-border collaboration between EU countries, e.g. the operational EU CSIRT network, the strategic NIS cooperation group, etc.
  3. National supervision of critical sectors: EU Member states have to supervise the cybersecurity of critical market operators in their country: Ex-ante supervision in critical sectors (energy, transport, water, health, digital infrastructure and finance sector), ex-post supervision for critical digital service providers (online market places, cloud and online search engines)

# Sources