Government proposal for implementing the EU’s NIS-directive in Finland

• CSC supports the proposal's viewpoint that the obligations of the Information Society Code (Tietoyhteiskuntakaari) are addressed to IT Service Providers. The list of services that are essential for the society should also be updated.
   
• It is important to set certain minimum criteria for digital service providers' risk management regarding their telecommunication networks. For instance service providers could point out their commitment to risk management and information security by a specific certificate.
   
• Proposed changes to the Information Society Code should include mechanisms to prevent unwanted information leaks. The law should however be applied in a way that small organizations or businesses still maintain their ability to provide services.
   
• When carrying out the risk management and information security, the procedures should be set in a way that they reflect the significance of a possible information leak in a reasonable way.