Opinion.

MEPs agree first ever EU-wide rules on cybersecurity

17/12/2015

At a glance

Amid government concerns that cyber-attacks on key infrastructure could seriously damage the economy or even lead to the loss of life, MEPs have agreed to create EU-wide rules on cybersecurity. The Network and Information Security Directive will establish minimum standards of cybersecurity for critical service companies in key sectors identified by the European Parliament – energy, transport, banking, financial market, health and water supply. The proposed laws will also apply to some key internet services including marketplaces such as eBay and Amazon, and internet search engines like Google. Micro and small digital companies will get an exemption. Applicable companies will have to fulfil security measures and report serious security breaches to public authorities.

In detail

Additionally, in attempts to improve cooperation between member states and between the public and private sectors, the Directive sets up a strategic cooperation group to exchange information and best practices. The group will then issue member states with guidelines on how to improve cybersecurity. Member states will also have to set up Computer Security Incidents Response Teams, to discuss cross-border security incidents and help identify coordinated steps to take following attacks.

The Directive still needs final approval from the European Parliament. Member states will then need to pass new or amended legislation in their own parliaments to put the Directive in place.

 

Related articles