On the Edge of the NIS Directive: The Proposed C-ITS Delegated Regulation, Friend or Foe?
24 Pages Posted: 27 Nov 2019
Date Written: November 14, 2019
The paper discusses the interpretation of the lex specialis rule of Article 1 (7) of the NIS Directive, which has deserved little scholarly attention so far. Article 1 (7) NIS Directive organises the interface between the NIS Directive regime and other European Union sector-specific legislations imposing (cyber)security obligations, by laying down the conditions according to which such obligations would prevail over the NIS Directive regime. To do so, the recent proposal from the European Commission to regulate Cooperative Intelligent Transport Systems (‘C-ITS’) serves as a practical case study. Even though the proposal was eventually turned down by the Council, the regulation of C-ITS remains top on the agenda of the European Commission. Its relevance for the present study also detracts from the fact that, while obviously dealing with (cyber)security, the Proposed C-ITS Regulation barely envisaged the interface with the NIS Directive.
The paper finds that the NIS Directive is unclear on a number of aspects related to its interface with other EU legal frameworks, and notably in the field of ITS. In anticipation of a potential future C-ITS regulation, the paper makes suggestions to smoothly regulate the interface with the NIS Directive and eventually bring legal certainty to the actors involved. Finally, recommendations are made with respect to the interpretation and application of the lex specialis rule of Article 1 (7) NIS Directive.
Keywords: NIS Directive, Cooperative Intelligent Transport Systems (C-ITS), ITS Directive, cybersecurity, security management regulation
Suggested Citation: Suggested Citation