Position of the European Sea Ports Organisation on the NIS 2.0 proposal
10 March 2021
The European Sea Ports Organisation (ESPO) welcomes the Commission’s proposal for a Directive on measures for high common level of cybersecurity across the Union (NIS 2.0), published on 16 December 2020. The proposal is the result of a revision process of the Directive on security and network of information systems ((EU)2016/1148). The NIS 2.0 proposal again identifies ports as essential entities, setting obligations for port managing bodies, their port facilities and entities operating works and equipment in the port.
For European ports, developing an EU cybersecurity policy that protects business continuity and mitigates the risks of cyberattacks, without curtailing the rapid pace of digital innovation, is a top priority.
In this context, ESPO believes that the scope of the NIS 2.0 proposal should be limited to those ports that need high levels of protection, as European ports are diverse in nature and vary in size and in activities performed and their strategic importance in a given Member State may vary. Furthermore, ports are complex ecosystems with many different stakeholders, ranging from public authorities (such as customs) to private entities (such as terminals or various types of industries). Therefore, the focus should lay on protecting the entire port ecosystem, including the various actors involved in the port. Also, there should be more emphasis on the protection of the entire transport and logistics chain. In case one of the actors in the transport and logistics chain, or any of the interfaces they use for data exchange, is compromised by a cyber incident, this could have a serious negative impact on the operations of the other players involved in moving the goods. Finally, European ports foresee considerable costs when implementing the NIS 2.0 proposal as it stands, especially for smaller ports and those ports that were previously not identified as essential entities. Investments in both cybersecurity infrastructure as well as skilled workforce are expensive, and will be needed in order to implement the NIS 2.0 proposal.
Please find below the full position on the NIS 2.0 proposal.