|Printable version||E-mail this to a friend|
MEPs close deal with Council on first ever EU rules on cybersecurity
Transport & energy companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity & management, is robust enough to withstand cyber-attacks, under new rules. Online marketplaces like eBay or Amazon, search engines and clouds will also be required to ensure that their infrastructure is secure.
"Today, a milestone has been achieved: we have agreed on first ever EU-wide cyber-security rules, which the Parliament has advocated for years", said Parliament's rapporteur Andreas Schwab (EPP, DE), after the deal was clinched.
"Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents. Member states will have to cooperate more on cybersecurity – which is even more important in light of the current security situation in Europe."
"Moreover this directive marks the beginning of platform regulation. Whilst the Commission's consultation on online platforms is still on-going, the new rules already foresee concrete definitions – a request that Parliament had made since the beginning in order to give its consent to the inclusion of digital services", he concluded.
Making essential services cyberattack-proof
MEPs put an end to current fragmentation of 28 cybersecurity systems by listing sectors - energy, transport, banking, financial market, health and water supply - in which critical service companies will have to ensure that they are robust enough to resist cyber-attacks. These companies must also be ready to report serious security breaches to public authorities.
Member states will have to identify concrete "operators of essential services" from these sectors using certain criteria: whether the service is critical for society and the economy, whether it depends on network and information systems and whether an incident could have significant disruptive effects on its provision or public safety.
In addition, some internet services providers, such as online marketplaces (e.g. eBay, Amazon), search engines (e.g. Google) and clouds, will also have to ensure the safety of their infrastructure and to report on major incidents. Micro and small digital companies will get an exemption, the deal says.
To ensure a high level of security across the EU and to develop trust and confidence among member states, the draft rules sets up a strategic cooperation group to exchange information and best practices, draw up guidelines and assist member states in cybersecurity capacity building.
In addition, a network of Computer Security Incidents Response Teams (CSIRTs), set up by each member state to handle incidents, will have to be established to discuss cross border security incidents and identify coordinated responses.
The provisionally-agreed text still needs to be formally approved by Parliament's Internal Market Committee and the Council Committee of Permanent Representatives.
Note to editors
Information systems, essential networks and services, such as online banking, electricity grids or airport control can be affected by security incidents caused by human mistakes, technical failures or malicious attacks. While such incidents are increasing and are estimated by ENISA (EU agency for Network and information security) to result in annual losses in the range of €260- €340 billion Euros, no common approach on security and reporting currently exists in the EU.
The new rules would increase the preparedness to handle such incidents and improve collaboration among member states as well as public and private sectors.
Latest News from
EFSA reinforces independence policy22/06/2017 16:16:00
The EFSA has a robust, well-balanced independence policy, its Management Board said after approving a number of new measures to further strengthen the Authority’s impartiality and protection against improper influence.
Romania, UK, Belgium & Switzerland – coordinated takedown of a Romanian THB criminal network22/06/2017 15:20:00
On 19 June, Romanian prosecutors from the Directorate for the Investigation of Organised Crime and Terrorism (DIICOT), Piteşti Territorial Service, together with judicial police officers from the organised crime fighting structures within Piteşti, Craiova, Ploiesti, Bucharest, Vâlcea and Dâmboviţa, carried out 71 house searches in Romania.
Solidarity with Italy: €1.2 billion of EU funds to support reconstruction works after the earthquakes22/06/2017 14:10:00
The EC proposes to mobilise €1.2bn under the EU Solidarity Fund, the highest sum ever mobilised in a single instalment, following the earthquakes of 2016 and 2017 in the Italian regions of Abruzzo, Lazio, Marche and Umbria.
EC forges ahead on new transparency rules for tax planning intermediaries22/06/2017 13:37:00
The EC has proposed tough new transparency rules for intermediaries - such as tax advisors, accountants, banks and lawyers - who design and promote tax planning schemes for their clients.
Antitrust: EC fines three car lighting system producers €27m in cartel settlement22/06/2017 13:15:00
The EC has fined Automotive Lighting and Hella a total of €26,744,000 for participating in an automotive lighting cartel, in breach of EU antitrust rules. Valeo was not fined as it revealed the cartel to the Commission. All companies admitted their involvement and agreed to settle.