The bill transposes bits of several EU directives as well as directive 2016/1148 on measures for a high common level of security of network and information systems, which is supposed to be implemented in national law by May.

It sets minimum standards for digital service providers as well as operators of essential services such as electricity, gas and water companies, ports, railroads, banks and hospitals.

One of the main features of the legislation is the creation of a National Information Security Administration, a body in charge of coordinating responses to cyberthreats.

At the operational level, SI-CERT, the existing computer emergency response team will act as the national computer security incident response team and the Public Administration Ministry will handle this segment for the public administration.

The bill, which has only 45 articles, stipulates that these institutions will be operational as of 2019.