The EU Network and Information Security Directive (‘NIS Directive’) contains provisions on security obligations of critical infrastructure providers and operators, as well as incident reports. In Finland, such obligations are laid down in legislation within each sector, and the supervisory authorities in these sectors monitor their compliance. Critical infrastructure operators must ensure the information security of their services and infrastructure, and report any security threats and violations to the supervisory authority in their sector.
We at the NCSC-FI coordinate national and international cooperation, compile a situation picture and report to the EU. The administrative cooperation group composed of authorities in each critical infrastructure sector in Finland exchanges information about security threats and violations, ensures that legislation is up to date, advises and assists critical infrastructure operators in risk-related issues and monitors compliance with security obligations.
The NCSC-FI prepares an annual national report on information security incidents reported in Finland and provides it to the NIS Directive team of the European Commission, which monitors compliance with the Directive and the situation picture in Europe.
Sectors, operators and supervisory authorities covered by the NIS Directive in Finland:
The operators must report any security incidents in their network and information systems to the authorities.