Upcoming EU law will force major businesses to report cyber-attacks and data breaches, just like in the US

Dec 8, 2015 15:12 GMT  ·  By

EU regulators have agreed for the first time on the text of the Network and Information Security (NIS) Directive, a law proposal that will force businesses providing essential services to notify authorities of any cyber-incidents.

On Monday, a statement from the European Parliament revealed that MEPs (Members of the European Parliament) and the EU Council of Ministers voted on the first draft of the NIS Directive, which will now have to be approved by the Parliament's Internal Market Committee and the Council's Committee of Permanent Representatives.

The current version of the NIS Directive says that any major service provider and operator of essential services will have to notify authorities in case of data breaches or cyber-attacks. The directive also requires these companies to put in place security measures robust enough to resist such attacks.

The directive applies to companies in the energy, transport, banking, financial, health, and water supply sectors. Micro and small companies operating in these sectors will be exempt from reporting.

All EU member states will have to identify and name all essential service operators currently operating within their borders.

Leading Web-based companies are also subject to this directive

Besides businesses providing real-world services, Internet companies like Google, Amazon, eBay and the rest will also need to have solid security measures in place to be allowed to operate within the EU's borders.

This won't be an issue, since a similar law already exists in the US, and most of these Web companies are already well hardened in terms of cyber-security after spending years fending off hackers.

The Network and Information Security Directive puts an end to a fragmented security reporting landscape that was split into 28 different national pieces that hardly ever fit together.

The NIS Directive will simplify the reporting of cyber-crime and, indirectly, provide pan-European insight into the cyber-security status of each country.

"In addition, a network of Computer Security Incidents Response Teams (CSIRTs), set up by each member state to handle incidents, will have to be established to discuss cross-border security incidents and identify coordinated responses," the EU Parliament also states.