EuroCommerce
  • Retail & Wholesale
    • About Retail & Wholesale
    • History of Retail and Wholesale
    • Wholesale in Europe’s Economy
    • Value of European Retail Factbook
    • Transforming Our Sector
    • State of Grocery Retail Report
    • State of nongrocery Retail Report
    • Carbon emissions study
    • E-Commerce Reports
    • Supply Chain Initiative
    • European Textiles Global Value Chain Report
  • Current Issues
    • Commerce for Ukraine
    • #Compliance4All
    • Latest Releases
    • Late Payments
    • Payments
    • Retail and wholesale in the agri-food supply chain
    • Simplify VAT
    • #SingleMarket4All
    • Single Market Barriers Overview
    • Updates on the sector
    • Competitiveness Compass & Simplification
  • Sustainable Commerce
    • Sustainable Textiles
    • Energy Transition
    • Farm to Fork
    • Race to Zero
  • About EuroCommerce
    • Our Actions
    • Our Organisation
    • Our Manifesto 2024-2029
    • Our Members
    • Members’ Benefits
    • Our President & Board
    • Meet our Team
    • Vacancies
    • Contact us
  • Events
    • All Events
    • Policy Talks
    • Awards
    • Wholesale Day
    • Exhibition
  • twitter
  • linkedin
  • youtube
  • bluesky

Food distribution sector calls on EU to exempt medium sized businesses from costly NIS 2 cybersecurity obligations

Press release - Digital, Technology & Payments

30 November 2021

Joint food distribution industry statement from Independant Retail Europe, SME United, HOTREC, EuroCommerce & Serving Europe

Food distribution sector calls on EU to exempt medium sized businesses from costly NIS 2 cybersecurity obligations

The Commission proposal for a NIS 2 Directive would expand the scope of cybersecurity obligations to all medium sized enterprises in the food distribution sector. Such a wide scope would entail massive compliance costs for these companies, even though they are not ‘critical’ (in the sense of the Directive) for local food supply. The signatories of this statement call on EU institutions to exempt from the NIS 2 Directive all medium sized food distribution companies, or ensure that only such companies supplying a critical share of the population be covered.

The European Commission proposal for a NIS 2 Directive widens the scope of the existing Directive to cover all large and medium sized enterprises in selected critical/essential sectors. The new scope would include food distribution, with the objective of avoiding food shortages in case of a cyberattack.

The signatories of this statement, representing SMEs in the food distribution sector at large (e.g. retailers, local food shops, restaurant services, wholesalers, etc.), warn that the extension of the scope to all medium sized food distribution businesses is not proportionate to the risks and leads to very high un-necessary compliance costs[1]. The impact would be particularly high, as food distribution SMEs are characterised by very low-profit margins, and a significant number (e.g. hospitality, wholesale, etc.) are still struggling to recover from the COVID-19 crisis.

To ensure the resilience of critical supply chains in case of a cyberattack, NIS 2 should only cover food distribution companies of systemic relevance, meaning entities for which a cyberattack would create a critical threat to the food supply of populations. Individually, medium sized food distribution (retailers, restaurants, etc.) companies are not critical in this sense: they only represent a small share of the food distribution market, while there are always may local convenient alternatives available to consumers, even if a cybersecurity incident hit a specific SME. Also, although some medium-sized food businesses (e.g. bakeries, butchers, etc.) are essential in the context of regional food production, they are not critical with regards to the network of the entire food supply chain. In the case of a cybersecurity attack, the food production process would not be affected.

Therefore, we call on EU institutions to amend the scope of application of the NIS 2 proposal for the food distribution sector and ensure that:

  • either medium sized food distribution companies are exempt from NIS 2; or
  • it exclusively covers businesses supplying more than 0,5% of the population of a given Member State- reflecting their importance to the food supply of Member States.

[1] As reported in the European Commission's impact assessment (p 70-80).

Download (pdf - 258.75 KB)

EuroCommerce

  • About EuroCommerce
  • Contact us
  • Vacancies
  • Meet our Team
  • Our Members
  • Our President & Board
  • About Retail & Wholesale
  • History of Retail and Wholesale

Press Room

  • Press contacts
  • Latest Releases
  • Updates on the sector
  • Policy Talks
  • Sustainable Commerce
  • Commerce for Ukraine
  • Simplify VAT

Follow us

  • twitter
  • linkedin
  • youtube
  • bluesky
Privacy Policy Terms & Conditions 2025 © All rights reserved to EuroCommerce • Transparency Register ID: 84973761187-60
Made with pride by radikal