After several years of debate, politicians in the European Parliament and European Union Council of Ministers have agreed upon EU-wide legislation aimed at improving cyber security. The Network and Information Security (NIS) Directive is set to have big implications for businesses operating across the EU.
The directive's biggest effect on businesses comes from its requirement that any major service provider or operator of essential services notify the authorities if it suffers a cyber-attack that results in the loss of data. The directive also aims to put pressure on companies and organisations to make their cyber security robust enough to resist a cyber-attack. Failure to do so could result in hefty fines.
In its first phase the directive will apply to companies operating in the health, water supply, financial, transport and energy sectors.
"Trust and security are the very foundations of a Digital Single Market. If we want people and businesses to use and make the most of connected digital services, they need to trust them to be secure in the case of attack or failure. The internet knows no border – a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cybersecurity solutions. Last night's agreement is an important step in this direction, but we cannot stop here: we plan an ambitious partnership with the industry in the coming months to develop more secure products and services," said Andrus Ansip, European Commission Vice-President for the Digital Single Market.
The NIS Directive was first suggested in 2013, but due to political wrangling the first draft has only now been approved by ministers.
European officials believe that cybersecurity breaches cost some $280-370 billion per year. The European Parliament and member states will consider whether to approve the new rules in the coming months.
If the text is formally approved by the European Parliament and the Council, it will be published in the EU Official Journal and will officially enter into force. Once it is in place, EU Member States will have 21 months to implement the Directive into their national laws and 6 months more to identify operators of essential services.
How Can PGI Help You Prepare?
Is your organisation prepared for the new EU legislation? If you need advice on how to get your business ready, contact the experts at PGI.
PGI will be able to support in a number of ways: