New publication on ENISA, NIS Directive and GDPR by Dimitra Markopoulou, Paul de Hert and Vagelis Papakonstantinou

  • November 27, 2019

In November 2019, LSTS researcher Dimitra Markopoulou and Professors Paul de Hert and Vagelis Papakonstantinou published an article on 'The new EU cybersecurity framework: The NIS Directive, ENISA's role and the General Data Protection Regulation'. The article can be found in the current issue of the Computer Law and Security Review.

Abstract: The NIS Directive is the first horizontal legislation undertaken at EU level for the protection of network and information systems across the Union. During the last decades e-services, new technologies, information systems and networks have become embedded in our daily lives. It is by now common knowledge that deliberate incidents causing disruption of IT services and critical infrastructures constitute a serious threat to their operation and consequently to the functioning of the Internal Market and the Union. This paper first discusses the Directive's addressees particularly with regard to their compliance obligations as well as Member States’ obligations as regards their respective national strategies and cooperation at EU level. Subsequently, the critical role of ENISA in implementing the Directive, as reinforced by the proposal for a new Regulation on ENISA (the EU Cybersecurity Act), is brought forward, before elaborating upon the, inevitable, relationship of the NIS Directive with EU's General Data Protection Regulation.

News contact

For suggestions/feedback concerning the LSTS website news section, please contact us.