Fighting cybercrime: new EU cybersecurity laws explained

Monday 14 Nov 2022 @ 16:33
EU News

Parliament has passed new laws strengthening EU cybersecurity in key sectors. Find out how they will protect you.

With the rapidly expanding digitalisation of daily life, further accelerated by the Covid-19 pandemic, protection against cyber threats has become essential for society to function properly.

Cyberattacks can prove very costly. According to the European Commission, the annual cost of cybercrime to the global economy is estimated to have reached €5.5 trillion by the end of 2020.

In November 2022, the European Parliament updated EU law to bolster investment in strong cybersecurity for essential services and critical infrastructure and strengthen EU-wide rules.

Read more about how the EU shapes the digital transformation

Tightening cybersecurity obligations – the NIS2 directive

The Network and Information Security directive (NIS2) introduces new rules to advance a high common level of cybersecurity across the EU – both for companies and countries. It also strengthens cybersecurity requirements for medium-sized and large entities that operate and provide services in key sectors.

An update of the 2016 NIS directive, it aims to improve clarity and implementation, as well as address fast-paced developments in this area. It covers more sectors and activities than before, streamlines reporting obligations and addresses supply chain security.

After approval by Parliament on 10 November, it will also need to be approved by EU countries in the Council, after which member states will have 21 months to implement it.

Find out what the main and emerging cyber threats are

More sectors included

The new law expands the scope of sectors and activities that are critical for the economy and society, including energy, transport, banking, health, digital infrastructure, public administration and space. However, it does not cover national and public security, law enforcement or the judiciary. The law applies to public administration at central and regional level, but not parliaments and central banks.

It requires more entities and sectors to take cybersecurity risk management measures, including providers of public electronic communications services, social media operators, manufacturers of critical products (including medical devices), and postal and courier services.

Stricter obligations for countries

The law sets stricter cybersecurity obligations for EU countries when it comes to supervision. It improves the enforcement of those obligations, including by harmonising sanctions across member states. It also aims to improve cooperation between EU countries, including on large-scale incidents, under the umbrella of the EU Agency for Cybersecurity (Enisa).

Protecting the EU’s financial system – Dora

Because the financial sector is more and more dependent on software and digital processes, it also needs increased protection. The digital operational resilience act (Dora) will ensure that the EU's financial sector is more resilient to severe operational disruptions and cyber-attacks. Parliament gave final approval to the legislation, previously agreed with the Council, on 10 November 2022.

The law introduces and harmonises digital operational resilience requirements for the EU’s financial services sector, obliging companies to make sure that they can withstand, respond to and recover from all types of information and communication technology (ICT) related disruptions and threats.

The new rules apply to all companies providing financial services – such as banks, payment providers, electronic money providers, investment firms, crypto-asset service providers as well as to critical ICT third-party service providers.

National authorities will supervise and enforce implementation.

Click here for the full press release

Original article link: https://www.europarl.europa.eu/news/en/headlines/security/20221103STO48002/fighting-cybercrime-new-eu-cybersecurity-laws-explained

Share this article

Latest News from
EU News

EU increases humanitarian aid to Gaza by €25 million

07/11/2023 13:25:00

As part of the EU's continued support to people in Gaza, the Commission will provide a further €25 million in humanitarian aid. This quadruples EU humanitarian assistance to over €100 million for Gaza this year.

President von der Leyen marks the EU's commitment to the Partnership for Global Infrastructure and Investment (PGII) during the event hosted at the G20 in New Delhi

12/09/2023 15:25:00

President von der Leyen recently (09 September 2023) spoke at the G20 event on PGII hosted by Prime Minister Modi and President Biden.

Summer 2023 Economic Forecast: Easing growth momentum amid declining inflation and robust labour market

12/09/2023 13:25:00

The European Commission yesterday presented the Summer 2023 Economic Forecast

Climate change: Deal on a more ambitious Emissions Trading System (ETS)

20/12/2022 10:33:00

On Saturday night, MEPs and EU governments agreed to reform the Emissions Trading System to further reduce industrial emissions and invest more in climate friendly technologies.

EU and Ukraine sign €100 million for the rehabilitation of war-damaged schools *

20/12/2022 09:25:00

Exactly three months after President von der Leyen's announcement in her 2022 State of the Union Address, the European Commission and the Government of Ukraine have signed a €100 million support package for the reconstruction and rehabilitation of schooling facilities damaged in Russia's full-scale war of aggression against Ukraine.

NextGenerationEU: European Commission endorses positive preliminary assessment of Portugal's second request for €1.8 billion disbursement under the Recovery and Resilience Facility

19/12/2022 16:33:00

The European Commission recently (16 December 2022) endorsed a positive preliminary assessment of Portugal's payment request for €1.8 billion of grants and loans under the Recovery and Resilience Facility (RRF), the key instrument at the heart of NextGenerationEU.

WIREDGOV