Skip to main content

Overview

FieldValue
CELEX32016L1148
StatusSuperseded
Articles27
Recitals75
EUR-LexView Official Text

Compliance Deadlines

DateTypeDescription
2016-07-19Entry into forceDirective enters into force
2024-10-18RepealedSuperseded by NIS2 Directive
This directive has been repealed. NIS1 was superseded by the NIS2 Directive (EU) 2022/2555 as of October 18, 2024. This documentation is provided for historical reference and to understand the evolution of EU cybersecurity law.

Stakeholder Roles

The NIS Directive defined obligations for the following stakeholder roles:
  • manufacturer - Providers of digital products and services
  • importer - Entities operating essential services
  • distributor - Digital service providers
  • authorized_representative - EU representatives for non-EU providers
  • notified_body - Bodies for security certification
  • market_surveillance - National competent authorities and CSIRTs
  • consumer - Users of essential and digital services

Requirement Types

Requirements in NIS1 were classified as:
  • obligation - Security and notification requirements
  • prohibition - Restricted security practices
  • right - Rights of operators and users
  • procedure - Incident notification procedures
  • general - General provisions and definitions

API Usage

Key Topics (Historical)

  • Operators of Essential Services (OES) identification
  • Digital Service Providers (DSPs) requirements
  • Security and notification requirements
  • National cybersecurity strategies
  • Cooperation and information sharing mechanisms
  • Network of CSIRTs (Computer Security Incident Response Teams)
  • Transition to NIS2 (expanded scope, harmonized requirements)