The European Union Network and Information Systems (NIS) Directive will come into effect today, with the provisions of the EU-wide law expected to improve the IT security of critical infrastructure organisations, as well as search engines, online marketplaces and other organisations key to the modern economy.
While less well-known than GDPR, the NIS Directive will be even more far-reaching for the organisations that come under its purview.
The NIS Directive focuses on the security of nationally important infrastructure, such as electricity and water supplies, transport and healthcare. It seeks to improve the security and resilience of these services by bolstering networks against cyber attacks.
The Directive requires member states to have in place "a National Cyber Security Strategy, a Computer Security Incident Response Team (CSIRT), and a national NIS competent authority, or competent authorities", according to the website of lead agency the National Cyber Security Centre (NCSC).
There should also be cooperation between states to support the sharing of information about cyber attacks, and states must identify critical organisations or "operators of essential services (OES)", it adds.
It continues: "Those OES will have to take appropriate and proportionate security measures to manage risks to their network and information systems, and they will be required to notify serious incidents to the relevant national authority."
In the UK, the OES category is likely to include suppliers of drinking water; digital infrastructure; the health sector; air, marine, road and rail transport; cloud services; online marketplaces; and search engines, according to the government's consultation document.
Sectors such as finance and civil nuclear are considered sufficiently protected by existing measures.
According to Charlie Wedin, cyber security expert at legal practice Osborne Clarke, the Directive is welcome and extremely timely.
"In recent years, the number of cyber attacks against national infrastructure has risen dramatically. This demonstrates just how attractive these systems have become to malicious actors looking to target any vulnerable points in the system," he said.
"The consequences on society can be significant - preventing access to power, transport and emergency services. Recognising the importance of digital services in today's society, the Directive also applies to online marketplaces, search engines and cloud storage."
Organisations falling within the scope of the Directive ought to "carry out a holistic evaluation of their technical and organisational measures to ensure the security of their networks and information," said Wedin.
He added: "They should also test their security measures with realistic 'war game' simulations to proactively identify and rectify potential weaknesses."