The European Network and Information Security Directive – a Cornerstone of the Digital Single Market

  • Martin SchallbruchEmail author


Digital markets strongly depend on a sufficient level of network and information security. As the digitization of all business processes leads to a complex landscape of digital networks, systems, and services, overarching security standards become crucial for the economic development. Thus, state actors worldwide aim to build regulatory frameworks to somehow guarantee network and information security. Right now, with regard to the digital economy, Europe is not at the forefront of the global economic regions. By passing a new regulation on network and information security, the Union aims to present a modern regulatory approach to a key issue of the digital economy. The EU directive, set into force in August 2016, is a major step to a stable regulatory environment, that might be a raw model for regulators worldwide. However, from a technology perspective, the legislation will predominantly lead to compliance efforts of market operators, not to technological innovations. To some extent, this can be bridged by the development of market standards under the regulation. Nevertheless, further regulatory action is suggested.


  1. 1.
    European Commission, “A Digital Single Market Strategy for Europe {COM(2015) 192 final},” 2015.Google Scholar
  2. 2.
    OECD, “OECD Communications Outlook 2013,” 2013. [Online]. Available: [Accessed 26 08 2016].Google Scholar
  3. 3.
    S. Muylle und E. Vijverman, “Online Jobs Boosting Europe’s Competitiveness,” 2013. [Online]. Available: [Accessed 25 08 2016].Google Scholar
  4. 4.
    K. Irion, “The Governance of Network and Information Security in the European Union: The European Public-Private Partnership for Resilience (EP3R),” in 27th European Communications Policy Research Conference (EUROCPR), 2012.Google Scholar
  5. 5.
    Council of Europe, “Convention of Cybercrime,” European Treaty Series, Nr. 185, 23 11 2001.Google Scholar
  6. 6.
    Council of Europe, “Chart of signatures and ratifications of Treaty 185 (Convention of Cybercrime),” 2016. [Online]. Available: [Accessed 25 8 2016].Google Scholar
  7. 7.
    A. Segura Serrano, “Cybersecurity: towards a global standard in the protection of critical information infrastructures,” European Journal of Law and Technology, Nr. 3, pp. 1–24, 2015.Google Scholar
  8. 8.
    S. J. Shackelford und A. Kastelic, “Toward a State-Centric Cyber Peace: Analyzing the Role of National Cybersecurity Strategies in Enhancing Global Cybersecurity,” New York University Journal of Legislation and Public Policy, Nr. 4, pp. 895–984, 2015.Google Scholar
  9. 9.
    F. Massacci, R. Ruprai, M. Collinson und J. Williams, “Economic Impacts of Rules- versus Risk-Based Cybersecurity Regulations for Critical Infrastructure Providers,” IEEE Security & Privacy, Bd. 14, Nr. 3, pp. 52–60, 2016.CrossRefGoogle Scholar
  10. 10.
    European Commission, “Impact Assessment – accompanying the document ”Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high level of network and information security across the Union“ {COM (2013) 48 final},” 2013.Google Scholar
  11. 11.
    European Commission; High Representative of the European Union for Foreign Affairs and Security Policy, Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace {JOIN(2013) 1 final}, 2013, pp. 1–20.Google Scholar
  12. 12.
    European Parliament and Council of the European Union, “Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union,” Official Journal of the European Union, Nr. L194, 19 7 2016.Google Scholar
  13. 13.
    E. Fahey, “The EU’s Cybercrime and Cyber-Security Rulemaking: Mapping the Internal and External Dimensions of EU Security,” European Journal of Risk Regulation, Bd. 5, Nr. 1, pp. 46–60, 2014.CrossRefGoogle Scholar
  14. 14.
    A. Könen, “IT-Sicherheit gesetzlich geregelt,” Datenschutz und Datensicherung, Nr. 1, pp. 12–16, 2016.CrossRefGoogle Scholar
  15. 15.
    E. Luiijf, K. Besseling und P. de Graaf, “Nineteen national cyber security strategies,” Int. J. Critical Infrastructures, Bd. 9, Nr. 1/2, pp. 3–31, 2013.CrossRefGoogle Scholar
  16. 16.
    TeleTrusT e. V., “Handreichung zum ”Stand der Technik“ im Sinne des IT-Sicherheitsgesetzes (German),” 2016. [Online]. Available: [Accessed 26 08 2016].Google Scholar

Further Reading

  1. 17.
    E. G. Baud, P. Bru, L. de Muyter, E. Fortunet, J. Little und S. Macchi di Cellere, “Europe proposes new laws and regulations on cybersecurity,” 2 1 2014. [Online]. Available: [Accessed 25 8 2016].Google Scholar

Copyright information

© Springer-Verlag GmbH Germany 2018

Authors and Affiliations

  1. 1.ESMT BerlinBerlinGermany

Personalised recommendations