EU to impose rules on Internet firms to prevent digital attacks

EU firms will be forced to report data breaches to authoritie, after European lawmakers approved the first ever EU-wide legislation on cybersecurity today. E-commerce platforms, search engines and cloud service providers will all be subject to the reporting requirements. Companies that do not comply with the new cyber security law would face sanctions.

The EU’s first cyber-security law has been decided upon by the European Parliament and member states.

The governance of the new law at a national level will come under a regulatory authority, such as the Information Commissioner’s Office (ICO) in the UK.

“I will not sit back and let these criminals and cyber terrorists attack our businesses, intrude into our private lives and destroy trust in our digital economy and society”, he said.

The rules are expected to apply to major banks, companies engaged in financial trading and operators of electricity and oil and gas networks are expected to be among the organisations, as well as organisations that oversee air, road and rail transport systems, health providers, companies overseeing water supply and operators of digital infrastructure such as domain name system service providers.

“Parliament has pushed hard for a harmonized identification of critical operators in energy, transport, health or banking fields, which will have to fulfill security measures and notify significant cyber incidents”. European businesses and the overall economy lose hundreds of billions of euros a year to cybercrime and cyberattacks, Oettinger said. The European Commission’s digital chief Andrus Ansip said it is created to build consumers’ trust in Internet services.

A new information sharing initiative is also envisaged under the Directive to ensure that countries pass on details of cyber threats and incidents to ensure a better coordinated response to such risks across the EU. Last night’s agreement is an important step in this direction, but we can not stop here: “we plan an ambitious partnership with the industry in the coming months to develop more secure products and services”.

This won’t be an issue, since a similar law already exists in the USA, and most of these Web companies are already hardened in the realm of cyber-security after spending years fending off hackers.