Legislative Observatory
European Parliament
Please fill in this field to find a procedure

High common level of network and information security across the Union. NIS Directive

2013/0027(COD)

OPINION OF THE EUROPEAN CENTRAL BANK (ECB) on a proposal for a directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security (NIS) across the Union.

The ECB decided to deliver an own initiative opinion on the proposed directive, since it was not formally consulted by the legislators.

The ECB supports the aim of the proposed directive to ensure a high common level of NIS across the Union and to achieve a consistency of approach in this area across business sectors and Member States.

However, the ECB considers that the proposed directive should be without prejudice to the existing regime for the Eurosystem's oversight of payment and settlement systems, which includes appropriate arrangements, inter alia, in the area of NIS. It is for this reason that the ECB suggests amending the proposed directive to properly reflect the Eurosystem's responsibilities in this area.

The ECB notes that the existing oversight arrangements in respect of payment systems and payment service providers (PSPs) already contain procedures for early warnings and coordinated responses within and beyond the Eurosystem to deal with possible cyber-security threats, which are equivalent to those laid down in the proposed directive.

The ESCB has set standards regarding reporting and risk management obligations for payment systems. Furthermore, the ECB regularly assesses securities settlement systems in order to determine their eligibility for use in the Eurosystem credit operations.

Therefore, the ECB considers it necessary that the requirements in the proposed directive affecting critical market infrastructures and their operators do not prejudice the standards in the draft regulation on oversight requirements for systemically important payment systems (SIPS Regulation), the Eurosystem's oversight policy framework or other Union regulations, and in particular the European Market Infrastructure Regulation (EMIR) and the future Regulation on improving securities settlement in the European Union and on central securities depositories (CSDs).

Moreover, they should not interfere with the tasks of the European Banking Authority or the European Securities and Markets Authority and other prudential supervisors.

Notwithstanding the above, the ECB considers that there is a strong case for the Eurosystem to share relevant information with the NIS Committee to be set up pursuant to Article 19 of the proposed directive.