Romania's Government approved a draft law whose aim is to transpose the EU directive on security of network and information systems (NIS Directive), according Telecompaper. The draft law was sent to the Romanian Parliament with the proposal to be debated and approved in an emergency procedure. Initiated by the Ministry of Communications and Information Society, the draft law transposes and follows the line of the NIS Directive to impose minimum security measures and obligations to report incidents at the level of two major categories of economic entities, namely service providers and digital service providers.
The directive covers various sectors of activity and types of services, including transport, energy, banking, financial market infrastructures, health, drinking water supply and distribution and digital infrastructure. At the same time, the project also addresses digital services such as cloud services, search engines and online markets.
The project also sets out the categories of necessary security measures and the obligation of the entities concerned to implement them, the obligation to notify security incidents and the obligation to register in the Registry of operators of essential services.