1. Introductory remarks The Directive on Security of Network and Information Systems 1 was adopted by the European Parliament on 6 July 2016 and entered into force in August 2016. It was the first piece of EU-wide cybersecurity legislation. Member States had to transpose the NIS Directive into their national legislation by 9 May 2018 and identify operators of essential services ( OES) by 9 November 2018. Under the NIS Directive, Member States are required to ensure that OES and digital service providers ( DSP) implement cybersecurity requirements and report incidents. As part of its policy objective to make "Europe fit for the digital age", the European Commission (the Commission) announced in early 2020 that