Operators of financial, energy, transport and healthcare services and digital service providers subject to EU cybersecurity rules shouldn't face technical measures that are too prescriptive to manage risks and incidents, a senior European Commission official said today, as the commission is weighing how to update the Network and Information Systems Directive next