The study’s aim is to assist the Commission in evaluating the existing legal and policy framework applicable to the security of network and information systems (assessing the role, which the NIS Directive has played in ensuring an adequate level of protection of network and information systems across Europe) and identifying new policy concepts. Based on the evaluation findings and other sources, the study will then identify key problems in the area, including new issues, which have emerged since the adoption of the Directive in 2016, and identify and analyse policy options to address them and assess their potential impacts. CEPS paticipates in the EC Study to support the review of the NIS Directive with the specific role of identifying novel policy concepts and measures not addressed in the current NIS Directive.