Who Are the Digital Service Providers (DSP) under the NIS Directive?

In a previous article, we discussed what the NIS Directive is. The European Union developed the Directive in response to the emerging cyber threats to critical infrastructure and the impact cyber-attacks have on society and the European digital market.The NIS Directive sets three primary objectives:to improve the national information security capabilities of the Member States,to build mutual cooperation at EU level, andto promote a culture of risk management and incident reporting among actors of particular importance for the maintenance of key economic and societal activities in the Union.The “actors of particular importance” are the operators providing essential services (OES) and digital service providers (DSP) in the EU. In this post, we are going to discuss digital service providers (DSPs).Who are Digital Service Providers (DSPs)?A “digital service” is defined within the Directive (EU) 2015/1535 as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”.For the scope of the NIS Directive, DSPs are limited to only three types of services, as defined in Annex III of the Directive:Cloud computing service.Online marketplace.Online search engines.The Directive does not require Member States to identify which digital service providers are subject to the relevant obligations. Therefore, the Directive’s obligations, i.e. the security and notifications requirements set out in Article 16, digital service providers under directive