+49 (0) 89 20 300 64 22
Mon - Fri : 09:00-18:00
Contact

NIS Representative // NISD-REP

scope of eu network and information systems directive (nisd)


NISD-Services

Payment

CYBERLEGIS.legal accepts all common cryptocurrencies for payment.

The Security of EU Network & Information Systems Regulations (NIS Regulations; NISD - NIS Directive Implementation Act; NISG – Netz- und Informationssystemsicherheitsgesetz) called NIS Directive in the following - provide legal measures to boost the level of security (both cyber & physical resilience) of network and information systems for the provision of essential services and digital services.

 

The NIS Directive requires non-EU-companies to designate a NIS Representative in

(NISD Representative, NIS Rep, NISD Rep) if:

  • they are Digital Service Providers (DSP)
  • they have no establishment in the EU, and
  • hey offer services in the EU.

The NIS Directive not only applies to EU-based companies but also to DSPs without an establishment in the EU if they offer their services there. These companies also have to designate an EU Representative.

 

is my company a digital service provider?

DSPs include operators of:

  • webs search engines
  • online marketplaces and ecommerce platforms which allow sellers to conclude retails or wholesale contracts on their platform
  • cloud services, including IaaS, PaaS and SaaS providers.

Exemption:

  • fewer than 50 staff and an annual turnover and/or balance sheet below €10 million

For the purposes of NIS Directive, a Digital Service Provider is any legal person that provides a digital service (art. 4(6) NIS Directive) and Digital Service is any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services (Art. 4(5) NIS Directive)

If you provide an online search engine, online marketplace or cloud computing service (either alone or in combination) then you are a digital service provider (DSP). Your digital service must be provided to external customers – i.e., to individuals or organisations. If you only maintain these services internally, you are not a DSP.

Online search engines are digital services that enable individuals to perform searches of all websites based on a particular query or search term. If you run a website that uses an embedded search from a search engine provider, your site is not covered by NIS and you are not deemed to be a DSP – it is the underlying search engine that is covered.

Online marketplaces are digital services that allow individuals or traders to conclude sales or service contracts with traders, either on their own website or by means of providing services to traders’ websites. Online retailers that sell directly to individuals on their own behalf are not covered.

Cloud services are digital services that ‘enable access’ to a scalable and elastic pool of shareable computing resources. This can include common cloud models like ‘Platform as a Service’ (PaaS) and ‘Infrastructure as a Service’ (IaaS). If you provide ‘Software as a Service’ (SaaS) you are also covered to the extent that your service is scalable and elastic.

There is a general exemption for small and micro businesses. If you have fewer than 50 staff and an annual turnover and/or balance sheet below €10 million does not apply to you and you are not an DSP. However, if your service is part of a larger group, you need to include the staff and turnover size of the group when assessing whether the small business exemption applies (Art. 16(11) NIS Directive)

 

general obligations of digital service providers under the nisd?

If you are a digital service provider, you are required to take appropriate and proportionate technical and organisational measures to manage the risks to your systems. These measures must ensure a level of security appropriate to the risk posed.

 
Under the NISD, DSPs are required to:

  • identify and take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which they use in the context of offering services (Art. 16(1) NIS Directive)
  • online marketplaces and ecommerce platforms which allow sellers to conclude retails or wholesale contracts on their platform
  • cloud services, including IaaS, PaaS and SaaS providers.

These measures are further detailed by implementing national laws. The requirements above mentioned are similar to the GDPR requirements to maintain risk-appropriate technical and organizational measures for data security (Art. 32 GDPR) and to notify data protection authorities in case of personal data breaches (Art. 33 GDPR), however, differ in detail as the NISD aims to protect general availability of digital services, unlike the GDPR which solely protects personal information.

 

nisd-rep

Responsibilities as nis – representative nis-rep, nisd-rep

We as NISD-REP have to act on behalf of the DSP and can be addressed by EU authorities which are supervising compliance with the NIS Directive.

We as representative act as a contact point for national competent authority or a CSIRT instead of the digital service provider with regard to the obligations of that Digital Service Provider under NIS Directive. In addition, your representative's range of tasks includes representing your company with regard to the obligations arising from the NIS Directive.

Our goal is to enable non-European companies to comply with NIS Directive by a combination of legal expertise and technology know-how.
We support you in all cybersecurity related matters and above all in helping your business grow by enabling you to improve customers' trust and handling cybersecurity matters in an efficient and professional way. The NIS Representative must be designated in writing by the DSP to be contacted by the national competent authority or a CSIRT on any cybersecurity issues. We use a fully NIS Directive compliant NIS representative agreement.

How many Representatives do I need?

In principle, there is no indication concerning the number of representatives needed to comply with the obligation to appoint a representative in the EU. Art. 4(10) NIS Directive defines the representative as any natural or legal person established in the Union explicitly designated to act on behalf of a digital service provider not established in the Union, which may be addressed by a national competent authority or a CSIRT instead of the digital service provider with regard to the obligations of that digital service provider under this Directive. Therefore, only one NIS representative is enough to comply with this requirement, even if your company has branches in several EU countries.

What fine may be imposed for non-compliance?

The NIS Directive extends its ‘territorial scope’ to digital service providers established in a country outside of the EU. The NIS Directive allows member states to set their fine limits (art. 21 NISD). Maximum fines for non-compliance with the NIS Directive vary throughout the EU member states (e.g.: EUR 50,000 in Germany; EUR 200.000 in Belgium; EUR 500,000 in Ireland; EUR 20,000 in Estonia; EUR 1,000,000 in Spain).

 

About us

RAe Niedermeier – Law Firm GmbH (CYBERLEGIS) is an European Law Firm with headquarters in Munich Downtown, Germany. CYBERLEGIS specializing in NIS Representative Services under EU Network & Information Systems Regulations.

 

Why hire cyberlegis as your nisd-rep // nis-representative?

 

Efficiency

CYBERLEGIS is a specialized provider for NIS Representative // NISD-REP Services.

 
We work down any request coming in 6 hours.
 

cost effective

 

At just EUR 1.200 net per year

CYBERLEGIS provides premier NIS Representation, NISD-REP services.

 

insurance coverage

Since all NIS Representatives installed by CYBERLEGIS are specialized Privacy lawyers, the service comes along with a default liability of 1 Million Euros (with higher representation available at extra cost).

 

professionalism

CYBERLEGIS is sensitive to providing quality service to its clients.

Thus, CYBERLEGIS designates only specialized Experts to act as NIS Representatives // NISD-REP or handle representation-related matters for the clients.

assured availability

In an effort to satisfy its clients, the designated NIS Representative // NISD-REP would be reachable not only from Monday to Friday (09:00h – 17:00h) via a team of English speaking secretaries, but equally at weekends via e-mail and cell phone.

CYBERLEGIS has minimum 3 legal experts, working around the clock to assist the clients fulfil the requirements. Thus, at any given point in time, a CYBERLEGIS representative is always there to assist you with your requirements.

how do i designate cybderlegis as my nis representative?

We will be happy to answer all your question in a Zoom or WebEx meeting

We have standard document designating one of our expert Lawyers as your NIS Representative. In this regard, you would receive a draft designation document, which you would print, sign, and send by post.

Robert Niedermeier CIPP/E CIPT CIPM FIP

niedermeier@cyberlegis.legal

+49 171 2440099

Generally, you would receive a reply within 24 hours.


 

more information

 

NISD / NIS Representative

(Further information: NIS REP_Cyberlegis_Flyer_2021)

  Download

 

NIS Directive in Germany

(Further information: Cyberlegis_Flyer_2021)

  Download

You Have Some Unanswered Questions?

For more information, kindly send an email to

niedermeier@cyberlegis.legal  ·   Mon - Fri 09:00-18:00
Social Media Auto Publish Powered By : XYZScripts.com