On July 6, 2016, the European Parliament adopted the first-ever pan-European law on cyber security. The law, entitled the “Directive on the Security of Network and Information Systems” (NIS Directive), imposes security requirements and security incident notification obligations on digital service providers and operators of essential services.

The NIS Directive was enacted as part of the European Commission’s broader initiative to strengthen cyber security capabilities in the EU and will take effect in August 2016 (20 days after its publication in the EU Official Journal). However, like all EU Directives, it must be implemented into national law to be fully effective. EU member states will have 21 months to implement the NIS Directive into their national laws. As a result, businesses should expect the rules to come into final force no later than May 2018.

Click here to read our complete WSGR Alert on the NIS Directive.