EU agrees on cyber security rules, forces tech firms to report major breaches
Tue 8 Dec 2015
Members of the European Parliament have today come to an agreement over establishing the union’s first cyber security legislation, outlined in the 2013 Directive on network and information security (NIS).
The rules will require mandatory cooperation from marketplace giants such as Amazon and eBay, search engines including Google, and leading cloud service providers, encouraging them to contribute information on security frameworks and issues such as hacks and data breaches. According to some reports, smaller digital companies will be exempt, as will social media networks such as Facebook.
The European Parliament believes that the rules will help improve the cybersecurity capabilities of the Member States, as well as helping to protect the EU’s critical infrastructure, across energy, transport, banking and healthcare, from potential cyber attacks.
A further objective will see the introduction of Computer Security Incident Response Teams (CSIRTs), established in each member state to help manage incidents and risks, discuss cross-border security issues and conduct coordinated responses.
The negotiators argue that the legislation will be an important step in urging the tech community to help more in preventing cyber terror attacks, a sentiment echoed by Barack Obama last week in the U.S. In an address from the Oval Office on Sunday, Obama called for the hi-tech industry and law enforcers to work together to make it tougher for terrorists and cyber criminals to use technology to escape from justice.
Composed as a directive, the measures will not be enforced on EU member states but will have to be incorporated in any future bills or amendments proposed by national parliaments. The provisionally agreed directive still needs to be officially approved by the Parliament’s internal market committee and the council committee of permanent representatives.
Andrus Ansip, vice president for the Digital Single Market at the European Commission, was pleased with the result, commenting that trust and security should be the foundations of the EU’s digital market. He argued that if people and businesses are to fully welcome connected digital services, they need to be able to completely trust one another in case of cyber attack or outage.
He added: “The internet knows no border – a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cybersecurity solutions. Last night’s agreement is an important step in this direction, but we cannot stop here: we plan an ambitious partnership with the industry in the coming months to develop more secure products and services.”