Saturday

9th Dec 2023

EU to force firms to report major cyber attacks

  • It is the first time that EU-wide rules on cyber security are to be agreed (Photo: europarl.europa.eu)

Negotiators from the European Parliament and national governments have reached an agreement on new cyber-security rules, shortly before midnight on Monday (7 December).

Companies which fulfil certain essential societal functions will have to make sure that they can resist cyber attacks, and report digital security breaches to national authorities.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

It is the first time that EU-wide rules on cyber security are agreed.

The new EU directive will lay down the criteria to determine if a company qualifies as an “operator of essential service”, but member states will be responsible for identifying these key companies, the European Parliament said in a press release.

The sectors where such essential services will need to be guaranteed are: energy, transport, banking, financial market, health, and water supply.

In its press release, the EP also specified three American internet companies as likely to be falling under the new rules.

“In addition, some internet services providers, such as online marketplaces (e.g. eBay, Amazon), search engines (e.g. Google) and clouds, will also have to ensure the safety of their infrastructure and to report on major incidents,” the press release said.

The new directive will also put a “strategic cooperation group” in place where member states should “exchange information and best practices, draw up guidelines and assist member states in cyber security capacity building”.

A complete assessment of the deal, which was clinched behind closed doors in a so-called trilogue process, is not yet possible until the consolidated text of the compromise is published. This is expected to take a few days.

'Milestone'

But the lead negotiator on behalf of the members of the European Parliament (MEPs) already expressed satisfaction with the deal.

“Today, a milestone has been achieved: we have agreed on first ever EU-wide cyber security rules, which the parliament has advocated for years”, centre-right German MEP Andreas Schwab said.

The European Commission, which proposed the cyber security rules in February 2013, mediated the talks.

Digital affairs commissioner Guenther Oettinger said Tuesday (8 December) the new rules are “a major step in raising the level of cyber security in Europe”.

In a speech last month, Oettinger already signalled the importance of the first-ever pan-European cyber security rules.

“We are opening a European legal book”, he said at an annual event of the European Union Agency for Network and Information Security (Enisa) in Brussels.

The EU agency “will play an even more prominent role”, Oettinger had noted.

In an interview with EUobserver, Enisa's executive director Udo Helmbrecht said he expects a positive effect of one of the directive's main features, the obligation for companies that provide essential public services to report major incidents like a cyber attack.

“Putting obligation of reporting incidents will hopefully create a mechanism that people say: 'oh if I have to report something, then I also have to do something for prevention' and by this increasing IT security”, said Helmbrecht.

The deal still needs approval from the full house of the EP and from national governments.

EU to beef up cybersecurity agency

The Commission's president proposed to set up a European Cybersecurity Agency. The EU already has an agency for Network and Information Security.

Latest News

  1. How Moldova is trying to control tuberculosis
  2. Many problems to solve in Dubai — honesty about them is good
  3. Sudanese fleeing violence find no haven in Egypt or EU
  4. How should EU reform the humanitarian aid system?
  5. EU suggests visa-bans on Israeli settlers, following US example
  6. EU ministers prepare for all-night fiscal debate
  7. Spain's Nadia Calviño backed to be EIB's first female chief
  8. Is there hope for the EU and eurozone?

Stakeholders' Highlights

  1. Nordic Council of MinistersArtist Jessie Kleemann at Nordic pavilion during UN climate summit COP28
  2. Nordic Council of MinistersCOP28: Gathering Nordic and global experts to put food and health on the agenda
  3. Friedrich Naumann FoundationPoems of Liberty – Call for Submission “Human Rights in Inhume War”: 250€ honorary fee for selected poems
  4. World BankWorld Bank report: How to create a future where the rewards of technology benefit all levels of society?
  5. Georgia Ministry of Foreign AffairsThis autumn Europalia arts festival is all about GEORGIA!
  6. UNOPSFostering health system resilience in fragile and conflict-affected countries

Stakeholders' Highlights

  1. European Citizen's InitiativeThe European Commission launches the ‘ImagineEU’ competition for secondary school students in the EU.
  2. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  3. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  4. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA
  5. Nordic Council of MinistersGlobal interest in the new Nordic Nutrition Recommendations – here are the speakers for the launch
  6. Nordic Council of Ministers20 June: Launch of the new Nordic Nutrition Recommendations

Join EUobserver

Support quality EU news

Join us