EAI and its members recognise the growing importance of cybersecurity and we welcome this review of the NIS Directive and efforts to strengthen the EU’s cybersecurity capability. In strengthening and harmonising the approach to cybersecurity, it is important that risk management principles and proportionality continue to guide the development of the NIS.
We welcome the acknowledgement on page 20 of the proposal that “cybersecurity risk management requirements should be proportionate to the risk presented by the network and information system concerned”. We would caution against taking the NIS down an overly prescriptive route which could prove detrimental to the overall intended objectives.