While most of the attention in the EU data landscape in late 2015 and early 2016 was focused on the Schrems decision, negotiations regarding the EU-U.S. Privacy Shield and passage of the General Data Protection Regulation (GDPR), the EU also passed a new directive that could have significant impact on U.S. and multinational companies operating in Europe: the Network Information Security Directive (“NIS Directive”). The NIS Directive will have significant implications for cyber preparedness and compliance issues, both for companies providing “essential services” and “digital service providers.” Many companies will be surprised to learn that they are digital service providers subject to the member state laws passed to implement the NIS Directive.
Please see full publication below for more information.