Goals of the NIS Directive and current outlook

The NIS Directive provides legal measures to boost the overall level of cybersecurity in the EU by ensuring member states’ preparedness. It requires them to be appropriately equipped in several ways, including Computer Security Incident Response Teams (CSIRTs) and a competent national NIS authority. Businesses in these sectors that are identified by the member states as Operators of Essential Services (OES) will have to take appropriate security measures and notify the relevant national authority of serious incidents. Key digital service providers, including search engines, cloud computing services and online marketplaces, must also comply with the security and notification requirements under the new directive.

OESs are public or private sector organizations that depend on network and information systems to provide an essential service to society, which could be significantly disrupted by a cyber incident.

Although NIS is a relatively new regulatory requirement, many of its concepts have already been codified in existing compliance and best practice for industries including financial services and telecoms. In these industries, PKI has already been successfully deployed and widely supported, which has led to a high degree of interoperability. In telecoms, for example, PKI is used to build chains of custody from the supplier of a network element, where a device is ‘born’, to adoption into a network where the unit is used. For other sectors like cloud services, NIS has put cybersecurity and accountability in the limelight.

Investing in a competent PKI and code signing solution such as PrimeKey’s EJBCA and SignServer reduces the information security risks associated with NIS and related compliance regimes such as GDPR. This enterprise-wide capability reduces operation and maintenance costs compared to other point solutions, secures valuable business models and future-proofs organizations in all industries.