Feedback on Inception Impact Assessment NIS Directive
Strengthening cyber-resilience, creating a level-playing field for operators of essential services German industry welcomes the European Commission’s aim to significantly strengthen Europe's cyber-resilience and to create a level playing field for Operators of Essential Services (OES) and Digital Service Providers (DSP) across the European Union. Cyber and IT security are the basis for a long-term secure digital transformation of the state, economy and society. All those involved – from hardware and software manufacturers to commercial operators, private users and government agencies – must be actively and holistically involved in strengthening cyber-resilience. German industry will continue to make its contribution to this, because a high degree of cyber-resilience is a basic prerequisite for the trouble-free functioning of highly digitalised processes in companies. German industry advocates a holistic, overlap-free, EU-wide harmonised regulatory framework on cybersecurity that finds the right balance between enhancing the EU’s cyber-resilience while avoiding over-regulation and imposing unduly high burdens on European companies. Therefore, German industry calls on the European Commission to adopt at least option 3, i.e. targeted regulatory interventions and alterations to the NIS Directive, as outlined in the EU Commission’s document. However, when amending/revising the current NIS Directive, the EU Commission should work towards a holistic regulatory framework supporting OES and DSP in constantly maintaining and increasing the cyber-resilience of their infrastructure and services. To this end, the EU Commission should also consider the interplay between cyber-resilient OES and DSP as well as cyber-resilient and trustworthy products, services, processes and systems. While this interplay is of outstanding importance, cybersecurity for OES an DSP on the one hand, and for products, services, processes and systems on the other hand, should be regulated in different regulatory acts. Nonetheless, the EU Commission needs to ensure that such regulatory acts go hand-in-hand. This policy paper discusses some of the points in greater detail that the Federation of German Industries addressed when answering the EU Commission’s online questionnaire.
www.bdi.eu
Bundesverband der Deutschen Industrie e.V. Federation of German Industries Member association of BUSINESSEUROPE
Address Breite Straße 29 10178 Berlin Postal Address 11053 Berlin Contact Steven Heckler T: +493020281523 F: +493020282523 Website www.bdi.eu E-Mail S.Heckler@bdi.eu
