The current directive is just being implemented, and so there is little or no experience as to how it functions in practice. Instead of revising, should the Commission focus on its effective implementation.
If the European legislators decide to proceed with the revision, they should focus on the further development of a coherent and streamlined regulatory framework for the security of network and information systems, without imposing additional and excessive burdens on industry.
At the same time, any duplication of legislation and inconsistencies with existing sector-specific and digital EU law should be avoided. The revision of the Directive should lead to a further strengthening of the preventive approach. This includes all aspects of detection and recovery by providing more and more detailed information on risks and incidents in the Member States, from national competent authorities to operators of essential services.