Off the wire
Japan's ruling LDP split over Tokyo governor race  • China suffers second consecutive loss in 2016 Stankovic Cup  • 4 injured in suspected car-ramming attack in West Bank  • Feature: Snapshots of Chinese flood fighters  • S. African DP urges Muslim community to join fight against religious intolerance  • Vietnam thanks China for help in search, rescue of missing airplane  • Brexit referendum to slightly dampen German economy: research group  • China should brace for more floods: premier  • China says arbitral tribunal has no jurisdiction over China's historical rights  • Interview: Tribunal should make amends for South China Sea arbitration: expert  
You are here:   Home

MEPs adopt 1st EU-wide cyber security law

Xinhua, July 6, 2016 Adjust font size:

The European Parliament (EP) backed new rules on cyber security on Wednesday at its plenary session here.

MEPs approved the EU network and information security (NIS) directive aimed at setting common cyber security standards and stepping up cooperation among EU countries to help firms protect themselves against cyber threats.

"Cyber security incidents very often have a cross-border element and therefore concern more than one EU member state," said German MEP and rapporteur Andreas Schwab.

"Fragmentary cyber security protection makes us all vulnerable and poses a big security risk for Europe as a whole," he continued.

The European Network and Information Security Agency (ENISA) believes that incidents and attacks on information systems of enterprises and private citizens costs 260 to 340 billion euros (288 to 377 billion U.S. dollars) a year and poses growing dangers for European companies in the digital era.

"This directive will establish a common level of network and information security and enhance cooperation among EU member states," Schwab continued. "This will help prevent cyber attacks on Europe's important interconnected infrastructures in the future."

The directive, the first EU-wide law on cyber security, validates an agreement reached last December between the EP and the European Council, primarily concerning cyber security in key sectors such as energy, transport and banking.

EU member states will have to identify entities in these sectors using specific criteria, such as whether the service is critical for society and the economy and whether an incident would have significant disruptive effects on the provision of that service.

Some digital service providers, such as online marketplaces like Amazon, search engines like Google, and cloud services will also have to take measures to ensure the safety of their infrastructure and will have to report major incidents to national authorities.

EU states will also have to set up a network of computer security incident response teams (CSIRTs) to handle incidents and risks, discuss cross-border security, and identify coordinated responses.

Also on Tuesday, the European Commission announced a new public-private partnership on cyber security which is expected to generate 1.8 billion euros in investment by 2020.

Guenther Oettinger, the commissioner for the digital economy and society, urged EU member states and all cyber security organizations to "pool their knowledge, information and expertise to improve cyber resilience in Europe."

Once the directive takes effect, member states will have 21 months to apply it into their national legislation and six additional months to identify operators of essential services. (1 euro = 1.11 U.S. dollars) Endit