The European Parliament adopts new EU-wide rules on cybersecurity

Image credit: EP Audiovisual

New rules on cybersecurity to promote international cooperation against threats have been passed by the European Parliament.

The Directive on Security of Network and Information Systems (NIS), which is expected to come into force in August 2016 and be incorporated into national laws by May 2018, is the first EU-wide guidance on cybersecurity.

It aims to improve cybersecurity within each member state as well as increasing cooperation across the EU on cybersecurity issues.

RELATED CONTENT

EU approves Privacy Shield data sharing deal with the US

European Commission signs public-private partnership on cybersecurity

The directive also brings in risk management and incident reporting obligations for digital service providers and operators of essential services.

Companies in critical sectors such as energy, transport, banking and health, as well as online marketplaces, cloud computing services and search engines, will have to adopt risk management practices and report major incidents.

Member states will be required to appoint one or more authorities responsible for monitoring implementation at a national level.

Each country will create at least one computer security incident response team to react to cyber threats and incidents. These will operate as a network across Europe.

A cooperation group will also be set up to facilitate cooperation across the region.

The group will be made up of representatives of member states, the European Commission and ENISA (the European Union Agency for Network and Information Security) with the European Commission acting as secretariat.

Günther H. Oettinger, the European commissioner with responsibility for the digital economy, said it had been an “important week for cybersecurity in Europe”.

The adoption of the first EU-wide legislation on cybersecurity would support and facilitate strategic cooperation between member states as well as the exchange of information, he said.

European Commission Vice-President Andrus Ansip, who is responsible for the digital single market, said: "If we want people and businesses to make the most of digital services, they need to trust them. A digital single market can only be created in a secure online environment.

“The Directive on Security of Network and Information Systems is the first comprehensive piece of EU legislation on cybersecurity and a fundamental building block for our work in this area.”