Technology firms such as Google, Amazon, eBay and Cisco, (but not social networks like Facebook) and those running critical services, such as transport, energy, health and finance will have to report cyber-breaches, under new rules proposed by MEPs. The rules will also establish minimum standards of cybersecurity for banks, energy and water firms.
It is the first time Europe has created EU-wide rules on cybersecurity and comes in the wake of concerns that hackers could target key infrastructures such as airports and power stations.
This new law, known as The Network and Information Security Directive will mean that member states will have to co-operate more on cybersecurity, exchanging information about breaches, offering best practice and assisting member states in securing their infrastructures.
The European Commission’s digital chief, Andrus Ansip, said the new law would build up consumers’ trust in Internet services, especially cross-border services.
“The Internet knows no border – a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cyber-security solutions. This agreement is an important step in this direction.”EU proposes new