Source: OJ L 333, 27.12.2022, p. 80–152
ENRecital 2 NIS 1 directive successful but had shortcomings
Since the entry into force of Directive (EU) 2016/1148, significant progress has been made in increasing the Union’s level of cyber resilience. The review of that Directive has shown that it has served as a catalyst for the institutional and regulatory approach to cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; in the Union, paving the way for a significant change in mind-set. That Directive has ensured the completion of national frameworks on the security of network and information systems means the ability of network and information systems to resist, at a given level of confidence, any event that may compromise the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, those network and information systems; by establishing national strategies on security of network and information systems means the ability of network and information systems to resist, at a given level of confidence, any event that may compromise the availability, authenticity, integrity or confidentiality of stored, transmitted or processed data or of the services offered by, or accessible via, those network and information systems; and establishing national capabilities and by implementing regulatory measures covering essential infrastructures and entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; identified by each Member State. Directive (EU) 2016/1148 has also contributed to cooperation at Union level through the establishment of the Cooperation Group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; and the network of national computer security incident means an incident as defined in Article 6, point (6), of Directive (EU) 2022/2555; response teams. Notwithstanding those achievements, the review of Directive (EU) 2016/1148 has revealed inherent shortcomings that prevent it from addressing effectively current and emerging cybersecurity means cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; challenges.