IBM Cloud® compliance: NIS Directive (EU)
What is the NIS Directive (EU)?

The NIS Directive, more properly known as the Directive on Security of Network and Information Systems, was enacted by the European Parliament in 2016 to create a higher level of cybersecurity in the European Union. The NIS Directive focuses on the security capabilities of individual nations, of cross-border collaboration and of critical industries, such as energy, finance, digital infrastructure and healthcare.

In the years since the NIS Directive went into effect, each member state of the EU has adopted its tenets into its own national legislation. For regulated industries, compliance with the directive is now required by law.

IBM position

The Network and Information Systems (NIS) Directive (EU 2016/1148) is the first cybersecurity law to cover the entire European Union (EU) and is intended to boost the overall cybersecurity level for critical infrastructure in the EU.

IBM maintains standard technical and organizational measures that are appropriate and proportionate to manage the risks posed to the security of network and information systems. This includes a security monitoring program and a global incident response process to respond to cybersecurity threats and attacks. In addition, IBM utilizes a combination of online training, educational tools, videos and other awareness initiatives to foster a culture of security awareness and responsibility among its workforce. More information on these technical and organizational measures is available in IBM's certifications and audit reports such as ISO 27001 and SOC 2.
