GSMA Comments on the Review of the NIS Directive

The threat landscape has changed dramatically since the NIS Directive came into play in 2016, and the GSMA urged the European Commission to update and expand the directive to meet current risks and future challenges to ensure 5G technology is secure.

The GSMA welcomes the Commission’s Cybersecurity Strategy and supports the increased EU’s focus on cybersecurity.

However, the review of the NIS Directive, announced today, needs to be more ambitious to boost EU cybersecurity and address the dramatically changed threat landscape.

“One of our biggest concerns is that the NIS Directive doesn’t include hardware and software providers. That is a significant weakness,” said Jon France, Head of Industry Security for the GSMA, “Hardware and software suppliers currently have no legal responsibility regarding the security issues generated by their equipment as part of a network. Yet, these actors are fundamental to ensuring a secure and resilient digital infrastructure within the European Union. Software will play an increasingly important role in our future digitalised society and in telecommunications networks. Hardware and software can contain design or implementation vulnerabilities, which increases the attack surface that adversaries seek to exploit.”

The GSMA, which represents more than 200 European telecoms operators, stands ready to work with the European Commission to achieve many shared Digital Decade goals, including around data, AI, standardisation, climate change and Europe’s single market.

For more information