On January 14, the Internal Market Committee has backed the political agreement reached by EU institutions in December on the first EU-wide cybersecurity rules.
MEP’s have approved by 34 votes to 2 the network and information security (NIS) Directive in order to ensure a higher level of security across the EU.
With the new rules, firms supplying essential services (energy, transport, banking etc.) will be required to report serious breaches and cyber attacks to national authorities. Digital service providers such as online marketplaces, search engines and cloud providers will be expected to report major incidents as well.
A cooperation group will be created to better exchange information and best practices at the European level. Each member state will also have to set up a Computer Security Incident Response Teams (CSIRTs) to handle risks and discuss cross-border issues. The Rapporteur MEP Andreas Schwab (DE, EPP) claimed that cooperation on cybersecurity is utmost importance in light of the current security situation.
The NIS Directive has to be finally endorsed by both Council and the full Parliament. After its publication in the Official Journal to the EU, Member states will have 21 months to transpose it into their national laws and six additional months to identify operators of essential services.