GSMA comments on the European Commission public consultation on NIS Directive Review

The threat landscape has changed dramatically since the NIS Directive came into play in 2016, and the GSMA today urged the European Commission to update and expand the directive to meet current risks and future challenges to ensure 5G technology is secure.

As the trade body for the mobile industry, the GSMA runs a Fraud and Security working group for network operators and has a seat on the EU Stakeholder Cyber Certification Group.

Several of the largest telecoms companies now require vendors test the security of their product designs through the GSMA’s new NESAS certification scheme.

With this holistic view of threats and vulnerabilities, the GSMA strongly recommends the Commission to address the shortcomings and persisting inefficiencies in the NIS Directive by:

• Including software and hardware providers in the scope to ensure robust end-to-end security.
• Reducing red tape and fragmentation by streamlining processes, security requirements and incident notifications obligations.
• Improving harmonisation and consistency for providers of Electronic Communications Services by closely aligning the NIS Directive with other legal instruments (the Cybersecurity Act, the European Electronic Communications Code (EECC) and the European Critical Infrastructure (ECI) Directive).

The GSMA urges the Commission to prioritise the above recommendations, thus helping to achieve greater digital resilience and security of European networks, which are critical for delivering a Gigabit Society.