EU Cybersecurity Law To Keep Companies In Check

Shutterstock

EU lawmakers and member states are making a move to hold Internet firms accountable for reporting serious security breaches or else face sanctions, Reuters reported Monday (Dec. 7).

The new deal, which was reached after hours of negotiations between the European Parliament and EU governments, is the first cybersecurity law the bloc has agreed on passing.

Andrus Ansip, the European Commission’s digital chief, told Reuters the new measure, called the Network and Information Security Directive, will help to build consumers’ trust in the cross-border and domestic Internet services they use.

The directive comes at a time when there are mounting concerns over the threat of cyberattacks and the subsequent privacy and security breaches that can accompany them.

“The Internet knows no border — a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cybersecurity solutions. This agreement is an important step in this direction,” Ansip said.

The Network and Information Security Directive establishes the security and reporting requirements that businesses in critical sectors, such as energy, transport, health and finance, must adhere to when their cybersecurity is compromised, Reuters explained.

While the obligations for an Internet firm will be less stringent than that of an airport, companies like Google and Amazon will still be required to report any serious cybersecurity incidents to law enforcement. If it is found that a company has failed to fulfill this obligation, national authorities will have the power to impose the necessary sanctions as a result.