In light of the ever-increasing risk of cyber attacks, the EU has passed the Network and Information Security Directive ("NIS Directive") which requires providers of essential services in certain key industries, such as energy, transport, health and finance, and digital service providers to take steps to reduce the risk of cyber attacks and to report any major security incidents.

The NIS Directive entered into force in August 2016 and must be transposed into national law by Member States by May 2018.

Larger companies will already have systems in place which comply with the NIS Directive but smaller companies who until now have not needed wide-ranging security protocols, may now be required to have these in place.