NIS Directive: Top-level objectives

Created: 28 Jan 2018
Updated: 28 Jan 2018
Statements of the NIS objectives, with links to associated principles and guidance.


The implementation of Article 14 of the NIS Directive is described via 4 top-level objectives. The objectives will be realised through implementation of a set of sector-agnostic security principles. Each principle describes security outcomes to be achieved.

Click on each objective below to view its underlying principles and the supporting guidance for implementation.

NIS Directive Objectives

  1. Objective A: Managing security risk

    Appropriate organisational structures, policies, and processes are in place to understand, assess and systematically manage security risks to the network and information systems supporting essential services.

  2. Objective B: Protecting against cyber attack

    Proportionate security measures are in place to protect essential services and systems from cyber attack.

  3. Objective C: Detecting cyber security events

    Capabilities to ensure security defences remain effective and to detect cyber security events affecting, or with the potential to affect, essential services.

  4. Objective D: Minimising the impact of cyber security incidents

    Capabilities to minimise the impact of a cyber security incident on the delivery of essential services, including the restoration of those services where necessary.

