EU Cybersecurity Directive Gets OK from European Parliament (March 20, 2014)
The European Parliament has voted to adopt proposed cybersecurity rules requiring organizations to meet new security standards and share information in case of security breaches. The proposed measure, the Network & Information Security (NIS) Directive, would apply broadly across European Union organizations handling certain types of critical data, including banking, telecom and Internet services in EU nations. Companies offering services in health care, energy, transportation, cloud computing, e-commerce platforms and social media would be within scope of the proposed rules.
The European Commission proposed the NIS Directive in February 2013, with the goal of establishing common levels of network and information security throughout the EU, along with processes for sharing information about threats, handling cross-border security issues and reporting incidents in the wake of security breaches. Various European Parliament committees have offered amendments in recent months to clarify definitions and determine the scope of the directive. The text of the proposed bill would require adoption by the EU’s Council of Ministers before becoming law. EU Vice President Neelie Kroes called for final agreement on the directive by the end of this year. Under that suggested timetable, EU member states would have 18 months to adopt legislation and determine sanctions for violations, and the law could take effect as early as 2016.