This consultation paper sets out a proposed approach for those measures with which certain key infrastructure operators (or 'Operators of Essential Services' - OES) will be required to comply with if designated as such under the Network and Information Security Directive. The paper also sets out a draft set of incident reporting guidelines.
These draft measures are designed to be aligned with international best practice, to avoid imposing significant costs on businesses that operate in multiple jurisdictions, or which may already have taken steps in this area. The purpose of the consultation was to seek the views of both those entities who have been informed that they may be Operators of Essential Services, and of the public in general.
The deadline for submissions on this consultation was Wednesday, 20 December 2017.