The preliminary public consultation stage (i.e. with a view to determine and set up the strategic, institutional and legal framework needed for transposing the Directive) was launched by the Ministry of Communications and Information Societies on 10 April 2017.
The draft bill transposing the NIS Directive into national legislation has not been published yet. On 3 October 2017, the Ministry of Communications and Information Societies launched a public consultation on the bill of law concerning measures for a high common level of security of network and information systems across the Union. The text of the bill is available here.
To date, we are not aware that the next legislative steps have been carried out.
More details to follow.
Failure to comply with the prescribed obligations may be sanctioned with administrative fines ranging from RON 3,000 (approx. EUR 670) to RON 50,000 (approx.EUR 11,000). Repeated breaches of the obligations may be sanctioned with administrative fines of up to RON 100,000 (EUR 22,000).
Companies with a turnover exceeding RON 2,000,000 (approx. EUR 440,000), may be subject to the administrative fines of up to 2% of the company's turnover and, for repeated breaches, of up to 5% of the company's turnover.
The provisions of the bill are applicable to (i) essential service operators which have the head office, branch, subsidiary, working point or any other form of representation in Romania and (ii) providers of digital services headquartered in Romania, or in other non- EU country which has a representative office in Romania (non- EU entities offering relevant services in Romania have to designate a Romanian representative).
The security and notification requirements shall not apply to (i) undertakings providing public communications networks or publicly available electronic communications services which have special or exclusive rights for the provision of services in other sectors in Romania or another EU Country and (ii) to trust service providers which are subject to the requirements of Article 19 of Regulation (EU) No 910/2014.
Last reviewed 28.02.2018
NIS Directive and the energy sector: a patchwork of national implementations
Cyber security: the regulators bare their teeth
D Day for NISD as the EU's Network and Information Systems Directive (NISD) is implemented on May 9, 2018
What is NISR and who is impacted?
What exactly is a Digital Service Provider in the context of NIS Directive? Could you be a DSP and not know it?
NISR: Key deadline ahead as UK DSPs must register by November 1, 2018
NISD: First key deadline as Essential Operators required to register by August 10, 2018
As the implementation date of the NIS Directive approaches we ask: are Digital Service Providers (DSPs) aware of their compliance obligations?
Last month, we launched our 5th Global Women’s Development Programme with 20 associates from across the firm. The p… https://t.co/Z99ScgyKzW
We are now only a week away from our Annual TechLaw Event where we will discuss practical tips and some of the lega… https://t.co/4s8t7pAkza
The EC is proposing to regulate digital operational resilience for the #financialsector which could impact ICT serv… https://t.co/QVt1h6aqZc