Former DLA Piper Counsel Alexandra Radulescu has joined Simion & Baciu as Partner.
Operators of essential services are required to notify CERT-RO - the national competent authority for security of networks and information systems - for registration in the Register of operators of essential services by 17 December 2020. Otherwise, these companies risk fines of, in some cases; up to 5% of their turnover.
Though not more than two years have passed since the Directive on security of network and information systems (“NIS Directive”) had to be transposed by the Member States into their national legislation, the European Commission (the “Commission”) has announced, early this year, its intention to review the NIS Directive. The initiative comes earlier than planned, due to the fact that there is a dire need to “further strengthen overall cybersecurity in the Union”.
On October 30, 2020, the European Commission sent a reasoned opinion regarding Romania’s failure to notify the national measures allowing for the identification of operators, the number of operators of essential services and the thresholds used in the identification process. The notification process is part of the implementation process of the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (the “NIS Directive”). NIS Directive was transposed into the Romanian legislation through Law no. 362/2018 for ensuring a high common level of security of networks and information systems (“NIS Law”).
The second part of the year 2020 was marked by a very intense regulatory activity carried out by the Romanian Energy Regulatory Authority (“ANRE”), aiming to implement in the secondary legislation the provisions of Regulation (EU) 2019/943 of the European Parliament and of the Council of 5 June 2019 on the internal market (the „Internal Market Regulation”) and the corresponding changes underwent earlier this year by the Energy and Gas Law no. 123/2012 (the “Energy Law”).