Improving the common level of cybersecurity across the EU

Drawing on the findings of an evaluation of the NIS directive, the IA generally seems to provide a clear and relevant analysis of the shortcomings of the existing NIS Directive and the available policy options for their improvement by a new legal act. It appears that the IA's assumptions are based on a thorough stocktaking exercise involving the consultation of a big number of stakeholders. The IA could however have explained in closer detail practical implications of the proposed initiative. It would have been useful if the IA had provided a fuller impact analysis particularly of potential economic costs and fundamental rights implications, as noted in the RSB opinion. Finally, the range of options assessed is limited to two in addition to the baseline. Given that the final outcome of the assessment is a significant revision of the existing legal framework, one might have expected a more granular formulation of policy options in the IA.