The European Commission to review rules for critical networks
The European Commission plans to revise the European Critical Infrastructure (ECI) Protection Directive 2008/114/EC which lays out security obligations for companies that provide critical infrastructure services in Europe.
This potential review would happen while member states are still getting used to the EU’s Directive on security of network and information systems (NIS Directive (EU) 2016/1148)) of 2016 which deals with cybersecurity threats on critical infrastructure specifically.
Early this year, the Commission had contucted a public consultation on how to adapt the ECI directive. This directive which dates to 2008, is limited in scope and doesn’t protect much against cyberattacks nor hybrid attacks like disinformation campaigns.
One sector is almost sure to face new rules: finance
Banks firms are looking at new cyber rules, stress tests and reporting demands under an initiative that the next Commission could launch next year, according to the draft objectives for the next European Commission. (see newletter 23/08/2019). Cybersecurity rules for banks would put specific requirements on computer and network systems used by banks; force banks to report cyber incidents and create a “cyber resilient testing framework.” |
