Cookies help us to develop our website and to improve its content and availability. Some cookies are necessary to ensure that the website functions properly. You can accept all cookies or just the necessary cookies. To change settings, click Cookie Settings. You can access the settings later from the Cookie practices page of the valvira.fi website.
Select an option below to determine which cookies to allow. When you are ready, click Save and exit. The website works even if you only agree to necessary cookies. There might be some differences, however. You can also change the settings later through our pages. Read more about the cookies on this valvira.fi website.
The necessary cookies are automatically stored on your browser when you use our web service. These cookies are used to ensure that the valvira.fi web service functions as intended.
Web analytics tool (Google Analytics) helps us to understand how our customers use the valvira.fi web service and from where they access the website.
We use the Siteimprove service to monitor the availability of the website, the functioning of links and the visibility of the website on search engines.
Directive on Security of Network and Information Systems (NIS) Main text
Valvira is responsible for monitoring the implementation of the NIS Directive in the healthcare sector in Finland. The law obliges operators of essential services and key digital service providers to report computer security breaches. In Finland, Traficom (Traficom.fi) collects reports from the monitoring authorities and acts as Finland's point of contact for engagement with the EU Member States.
The obligations of the Directive apply to sectors that are essential for the maintenance of critical societal and economic activities, and they are monitored by sector-specific authorities:
Transport – Traficom
Energy supply – The Energy Authority
Healthcare – Valvira
Financial sector – The Financial Supervisory Authority
Financial market infrastructure – The Financial Supervisory Authority
Water supply - ELY Centres
Digital infrastructure – Traficom
Digital services – Traficom
Computer security threats and breaches regarding the social and healthcare sector must be reported to Valvira
The law obliges designated industry-specific organisations to report any computer security threats and breaches that they detect. This obligation is mandatory.
Computer security threats and breaches regarding the social and healthcare sector must be reported to Valvira. The report can be submitted by sending an informal email to kirjaamo(at)valvira.fi. Valvira collects reports from the healthcare sector and submits them to Traficom.
It is also advisable to report computer security threats and breaches to Traficom's National Cyber Security Centre. Notifying the National Cyber Security Centre does not remove the obligation to notify the monitoring authority.
The Directive on Security of Network and Information Systems is the basis for the promotion of cyber security
The Directive on Security of Network and Information Systems and the national legislation form the framework for guiding and monitoring cyber security in key sectors in society. They allow the authorities to form an overall picture of incidents, and they are the platform for cooperation between sectors and authorities that promotes cyber security at national and international levels.
Reporting computer security threats and breaches helps the affected organisation as well as other organisations to prepare for ongoing threats. It is important to prepare for cyber security threats in advance: the Ministry of Social Affairs and Health has published cyber security guidelines (in Finnish) to help the social and healthcare sector to prepare for threats.
National legislation and obligations under the Directive on Security of Network and Information Systems (NIS) entered into force on 9 May 2018.