19.7.2016
EN
Official Journal of the European Union
L 194/1
I
(Legislative acts)
DIRECTIVES
DIRECTIVE (EU) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 6 July 2016
concerning measures for a high common level of security of network and information systems
across the Union
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
Acting in accordance with the ordinary legislative procedure (2),
Whereas:
(1)
Network and information systems and services play a vital role in society. Their reliability and security are
essential to economic and societal activities, and in particular to the functioning of the internal market.
(2)
The magnitude, frequency and impact of security incidents are increasing, and represent a major threat to the
functioning of network and information systems. Those systems may also become a target for deliberate harmful
actions intended to damage or interrupt the operation of the systems. Such incidents can impede the pursuit of
economic activities, generate substantial financial losses, undermine user confidence and cause major damage to
the economy of the Union.
(3)
Network and information systems, and primarily the internet, play an essential role in facilitating the crossborder movement of goods, services and people. Owing to that transnational nature, substantial disruptions of
those systems, whether intentional or unintentional and regardless of where they occur, can affect individual
Member States and the Union as a whole. The security of network and information systems is therefore essential
for the smooth functioning of the internal market.
(4)
Building upon the significant progress within the European Forum of Member States in fostering discussions and
exchanges on good policy practices, including the development of principles for European cyber-crisis
cooperation, a Cooperation Group, composed of representatives of Member States, the Commission, and the
European Union Agency for Network and Information Security (‘ENISA’), should be established to support and
(1) OJ C 271, 19.9.2013, p. 133.
(2) Position of the European Parliament of 13 March 2014 (not yet published in the Official Journal) and position of the Council at first
reading of 17 May 2016 (not yet published in the Official Journal). Position of the European Parliament of 6 July 2016 (not yet published
in the Official Journal).