Network and Information Security Directive 2016/1148 – concerning measures for a high common level of security of network and information systems across the Union (AKA: Cybersecurity Directive)

Also relevant is current EU data protection law is set out in the Data Protection Directive 1995/46, which from 25 May 2018 will be replaced by the General Data Protection Regulation 2016/679 (GDPR).

In addition, the E-Privacy Directive 2002/58, as amended by the Citizen’s Rights Directive 2009/136 sets out additional rules for telecoms companies. There are proposals to update these rules as part of the Digital Single Market review.


Please let us know if there are others we should include, or if any of the links no longer work.