Volume: 19 Issue: 4
The EU’s Directive on Network and Information Security (the ‘NIS Directive’) must be implemented into Member States’ local laws by 9 May 2018. It is the first true inter-governmental initiative to address cyber security and one of its central tenets is for digital service providers ('DSPs') who provide online marketplaces, online search engines or cloud computing services to notify authorities of any incident having a substantial impact on their services. The European Union Agency for Network and Information Security (‘ENISA’) has recently issued guidelines to help DSPs manage incident notification (the ‘Guidelines’). James Walsh and Sabba Mahmood of Fieldfisher LLP examine the Guidelines in the context of the NIS Directive for DSPs.