The European Commission has just published a report with key findings on how the EU cybersecurity rules under the NIS Directive are implemented in the crucial Energy sector, in particular in electricity, gas and oil areas. The report takes stock of the implementation of the main NIS Directive requirements across the EU, notably on the ways to identify the so-called Operators of Essential Service (OES), security measures, incident notification requirements. The report includes information on governance models chosen, lessons learnt and best practices at national level and presents cybersecurity capabilities of EU associations, organisations and bodies with a role in the energy sector. In addition, it provides an overview of the different public-private collaboration schemes in place across the EU. In line with the Commission Recommendation of 3.4.2019 on cybersecurity in the energy sector, the document supports Member States in addressing energy sector specificities, such as real-time security requirements, cascading effects and the combination of legacy and state-of-the-art technologies, when implementing the NIS Directive.