Though all eyes are on the EU’s General Data Protection Regulation (GDPR) ahead of its May 25 implementation date, there is another EU law set to affect many worldwide tech companies. The Network and Information Security (NIS) directive, which EU members states had to implement within their national laws by Wednesday, will define how network and some enterprise cybersecurity takes shape in the EU and beyond.

Since NIS is a directive, it only serves as a guideline nations must follow when adopting their cybersecurity laws. Certain aspects of the directive, such as what enterprises are covered, the amount of fines for noncompliance, and what constitutes appropriate cybersecurity standards, are left up to each nation state to decide.