Mark Young and Vera Coughlan write:
Formal adoption of the EU Network and Information Security (NIS) Directive is a step closer following a vote on January 14 by the European Parliament’s internal market and consumer protection (IMCO) committee.
As we reported in December, the European institutions reached an informal political agreement on the NIS Directive — dubbed the Cybersecurity Directive — on December 7, 2015, (see press release from the Council). The informal consolidated text, dated December 18, is available here. Member States (the Committee of Permanent Representatives (COREPER)) endorsed this agreement on December 18.
On January 14, the European Parliament’s IMCO committee voted in favour of the NIS Directive (34-2). The committee confirmed that the minimum harmonisation requirements under the Directive do not apply to digital service providers. This means that Member States would not be able to impose any further security or notification requirements on digital service providers when transposing the Directive into national law.
Read more on Covington & Burling Inside Privacy.