Europe will soon usher in the very first piece of legislation which harmonises cyber security matters across all member states. With political agreement recently reached between the European Parliament, the Council of Ministers and the European Commission, this law, first proposed by the Commission in 2013, will shortly become binding in the Union.

It is becoming more and more frequent for information systems and computing resources – such as networks and databases which enable essential services, businesses and the internet to function – to be affected by security issues. Security incidents are often due to technical failures, unintentional mistakes, or malicious attacks.

The directive finally agreed upon has the precise objective of preventing such incidents – or at least ensuring the most efficient response in the eventuality that they occur. It sets out cyber security obligations for both operators of essential services and digital service providers.

The digital services covered by the directive are e-commerce platforms, search engines and cloud services. This means that all providers of such digital services will be bound by the obligations provided for in the directive, with the exclusion of small companies. All such providers will be required to take measures to manage cyber risks and report major security incidents to the relevant national authority. The same obligations will be incurred by those operators, identified by each member state, which provide essential services such as energy, health, transport, water and finance services including banks.

Each member state is obliged to designate one or more national authorities for the implementation and enforcement of the directive and to set out a strategy to deal with cyber matters. Every member state must adopt a national network information security strategy defining the strategic objectives and appropriate policy and regulatory measures in relation to cyber security. Member states are also obliged to cooperate in a more efficient and effective manner on matters relating to cyber security.

The next step is for the directive to be formally approved by the European Parliament and the Council, before it becomes legally binding.

Statistics prove that cyber security incidents are on the increase. An estimated 150,000 computer viruses are in circulation every day and 148,000 computers are compromised daily. There is also the not-so-remote possibility that a major critical information infrastructure breakdown occurs in the coming decade which could cause damages running into the billions. Such threats to digital networks and the infrastructures on which so many of our daily activities and services have come to depend cannot be ignored. Digital information systems, in particular the internet, work across borders. A disruption in one country can have a serious negative impact on another. It is therefore of the utmost importance that Europe gets its act together in order to ensure that all member states can rise to the challenge of combating such cyber security incidents should the need arise.

mariosa@vellacardona.com

Mariosa Vella Cardona is a freelance legal consultant specialising in European law, competition law, consumer law and intellectual property law.
