The Channel logo

News

By | Kieren McCarthy 18th May 2016 17:57

Europe adopts new cybersecurity rules for key players

New obligations on providers of essential services

The European Council has adopted new cybersecurity rules to make networks and information services across the European Union safer and more secure.

The network and information security (NIS) directive [PDF] will require providers of essential services – such as energy, transport, health and finance – and "digital service providers" – such as online marketplaces, search engines and cloud services – to take steps to reduce the risk of cyber attacks and to report any major security incidents.

Member states will specifically identify who they believe fits into the essential services group through criteria listed in the directive and they will be subject to stricter rules.

Weaker rules will apply to digital service providers and the rules will apply to anyone in the various identified market sectors with an exemption for small companies. It means Paypal, Amazon and so on will need to meet a new set of minimum security measures devised by the EU.

"This is an important step towards a more coordinated approach in cybersecurity across Europe," said Council president and Luxembourg prime minister Xavier Bettel.

"All actors, public and private, will have to step up their efforts, in particular by increased cooperation between member states and enhanced security requirements."

As part of the agreement, EU member states have agreed to improve cooperation when it comes to cybersecurity. A new group will be created to make that happen, as well as a new network pulling together the national computer security incident response teams (CSIRTs).

The agreement still has to be officially confirmed by member states. It will be formally approved on December 18 – almost exactly one year since the idea was first mooted – and will then also require formal adoption by the Council and Parliament.

Once in force, member states will have 21 months to adopt the measures with a further six months to identify essential service operators. That all means that starting in 2017, Europe's overall cybersecurity will increase, with all measures in place by the middle of 2019. ®

comment icon Read 3 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'