CISPE (Cloud Infrastructure Service Providers in Europe) welcomes the opportunity to provide feedback on the draft Commission Implementing Regulation that concerns the security and notification obligations of so-called “digital service providers” (DSPs) which will help implement the Network and Information Security (NIS) Directive.
CISPE supports the objectives of the NIS Directive and would like to reiterate the importance of an implementation that is true to its intended outcome, especially regarding the definition of substantial impact, which triggers the obligation for DSPs to notify an incident. It is crucial that the implementing Regulation reflect the “light-touch approach” agreed by Council and the European Parliament in this regard.
This “light touch” approach is of the upmost importance for medium European companies to allow them to comply with the implementing Regulation without stifling their development. We are concerned that costly and complex systems to implement could change the structure of the European Cloud market, and in particular the Infrastructure as a Service (IaaS) market, which is mainly made by SMEs.
Read the response here.