NIS Cooperation Group: what it is and how it works 

Table of contents

• The NIS cooperation group: a pillar of network security in Europe
• The purpose of the NIS cooperation group
• The main functions of the cooperation group
• The NIS 2 Directive and the future of cooperation

The NIS cooperation group: a pillar of network security in Europe

The NIS Cooperation Group, established under Article 14 of Directive (EU) 2022/2555, serves as a strategic tool to promote network and system security across the European Union. 

Formed with the aim of facilitating strategic cooperation and information exchange among Member States, the group seeks to strengthen trust and promote the uniform implementation of the NIS Directive. 

Composed of representatives from Member States, the European Commission, and ENISA (the European Union Agency for Cyber Security), the group also includes the European External Action Service and other competent authorities, creating a multilevel collaboration ecosystem. 

The purpose of the NIS cooperation group

The primary goal of the NIS Cooperation Group is to ensure that Member States work together to implement measures aimed at achieving a high common level of cyber security. This is accomplished through activities such as: 

• Sharing best practices. 

• Coordinating national strategies. 

• Monitoring progress in implementing the NIS Directive and its successor, the NIS 2 Directive. 

In addition to supporting the adoption of common policies, the group contributes to risk management through strategic analyses and consultations. These activities are critical for addressing emerging challenges such as cyber incidents, ransomware, and critical vulnerabilities in supply chains. 

The main functions of the cooperation group

The NIS Cooperation Group is a complex, multifunctional body whose activities are structured to address the multiple challenges of network and systems security in the European Union. Its functions are divided into several key areas, all geared toward promoting a common high level of cyber security and strengthening the resilience of the European digital ecosystem.

The responsibilities of the Cooperation Group span multiple levels, providing both strategic and operational support. The following are some of the main functions:

Strategic guidance for the relevant authorities

One of the group’s primary responsibilities is to provide strategic guidance to Member States’ competent authorities to help them implement the NIS Directive and its evolutions, such as the NIS 2 Directive.
These guidelines cover a broad range of topics, including: 

• Managing vulnerabilities in networks and systems. 

• Implementing coordinated vulnerability disclosure policies to prevent cyberattacks. 

• Defining guidelines for identifying essential and important entities that perform critical functions for society and the economy. 

Promotion of information exchange

Strategic cooperation among Member States relies on information sharing. The group facilitates this interaction by offering a platform to: 

• Share details about security incidents, emerging threats, and near-misses. 

• Discuss training initiatives and awareness campaigns. 

• Exchange experiences related to cyber security exercises, which are essential for preparing national teams to respond to large-scale crises. 

Coordination of peer reviews

A crucial task of the group is to organize and oversee peer reviews, collaborative evaluation processes in which Member States analyze each other’s risk management policies and practices.

These reviews aim to: 

• Identify strengths and weaknesses in national cyber security strategies. 

• Propose improvements to enhance the effectiveness of implemented measures. 

• Promote regulatory harmonization among various Member States. 

Risk analysis and protection of supply chains

Coordinated risk assessments are another essential function. The group focuses on identifying critical vulnerabilities in essential infrastructures such as energy, healthcare, finance, and telecommunications. This includes: 

• Analyzing risks related to critical supply chains, with particular attention to dependence on external suppliers and the protection of sensitive data. 

• Developing methodologies to mitigate risks and prevent cyber incidents that could have large-scale impacts. 

Supporting the network of CSIRTs and EU-CyCLONe

The Cooperation Group works closely with the CSIRT Network (Computer Security Incident Response Teams) and EU-CyCLONe (European Cyber Crises Liaison Organisation Network). This collaboration ensures: 

• A coordinated and timely response to large-scale cyber incidents. 

• Integration of analysis results provided by these networks into the EU’s general cyber security strategy. 

• Coordination of follow-up actions after significant crises, improving the ability to learn from past events. 

Involvement of private stakeholders

The group also promotes active dialogue with the private sector, which plays a key role in protecting networks and systems. Through periodic meetings with key stakeholders, the group gathers input on: 

• Emerging operational and strategic challenges in the private sector. 

• Best practices adopted by companies to strengthen their network security. 

• Specific needs of businesses regarding regulations and technical support. 

This inclusive approach allows the group to develop policies that are more aligned with operational realities, improving their effectiveness and acceptance. 

Monitoring and capacity building

Finally, the group is committed to developing the capabilities of Member States by organizing training programs and exchanges of officials between different national administrations. These programs help to: 

• Strengthen the operational capabilities of local teams. 

• Promote the dissemination of advanced technical knowledge among Member States. 

• Create a sense of community among European cyber security experts. 

The NIS 2 Directive and the future of cooperation

With the entry into force of the NIS 2 Directive, the NIS Cooperation Group has taken on an even more central role. The new regulation expands the scope of cyber security, involving a greater number of essential and important entities.

Among the most significant developments are: 

• A greater focus on risk management. 

• The promotion of cross-border strategic cooperation. 

• The inclusion of new critical sectors in network security provisions. 

These developments require ongoing commitment from the group, which must adapt its tools and strategies to the needs of an increasingly complex landscape. 

Questions and answers

1. What is the NIS Cooperation Group? 
   It is a body established by the NIS Directive to promote cooperation among Member States on cyber security. 
2. What is the purpose of the NIS Cooperation Group? 
   To ensure a high common level of cyber security through coordination and information sharing. 
3. Which authorities participate in the Cooperation Group? 
   Representatives from Member States, the European Commission, ENISA, and other European competent authorities. 
4. What is the link between the group and the NIS 2 Directive? 
   The NIS 2 Directive expands the group’s tasks by including new critical sectors and strengthening cross-border cooperation. 
5. How does the group manage cyber security risks? 
   Through strategic analyses, shared assessments, and risk mitigation consultations. 
6. What are peer reviews in the NIS Directive? 
   Evaluation processes among Member States to monitor the implementation of the Directive. 
7. What is ENISA’s role in the group? 
   ENISA supports the group with technical expertise and methodologies for cyber security. 
8. How is the response to cyber incidents coordinated? 
   The group collaborates with the CSIRT Network and EU-CyCLONe to address large-scale crises. 
9. What are the Cooperation Group’s work programs? 
   Biennial plans defining actions to improve network security. 
10. How does the group contribute to supply chain security? 
    Through coordinated risk assessments of critical infrastructures.