Organisations operating "essential systems" in the EU will soon have to abide by a new set of cybersecurity rules that were agreed yesterday by the European Union and Council of Europe.
The guidelines mandate that critical systems must be robust enough to withstand cyber attacks, and will apply to all organisations operating within the transport, utilities, banking and finance industries.
Cloud service providers and online marketplaces will also be affected, as well as search engines like Google.
German MEP Andreas Schwab described the agreement between the two supranational bodies as "a milestone" in ending the fragmented approach to cybersecurity in critical sectors currently in place across the 28-nation bloc.
"Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents," he said. "Member states will have to cooperate more on cybersecurity - which is even more important in light of the current security situation in Europe."
Schwab added: "This directive marks the beginning of platform regulation. Whilst the Commission's consultation on online platforms is still ongoing, the new rules already foresee concrete definitions - a request that Parliament had made since the beginning in order to give its consent to the inclusion of digital services," he said.
The rules, which are separate from the General Data Protection Regulation currently making its way through the European Parliament, have been welcomed by the security industry.
Piers Wilson, head of product management at Huntsman Security, said: "The EU cybersecurity rules present a real opportunity to move computer security and data protection laws on from the 1990s."
He added, though, that the rules "must ensure that a 'robust' infrastructure is one that can really protect against 21st century threats", meaning not just prevention but also rapid detection and resolution.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
‘Europe could do it, but it's chosen not to do it’: Eric Schmidt thinks EU regulation will stifle AI innovation – but Britain has a huge opportunityNews Former Google CEO Eric Schmidt believes EU AI regulation is hampering innovation in the region and placing enterprises at a disadvantage.
-
The EU just shelved its AI liability directiveNews The European Commission has scrapped plans to introduce the AI Liability Directive aimed at protecting consumers from harmful AI systems.
-
A big enforcement deadline for the EU AI Act just passed – here's what you need to know
News The first set of compliance deadlines for the EU AI Act passed on the 2nd of February, and enterprises are urged to ramp up preparations for future deadlines.
-
EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member statesNews The EU’s Cyber Solidarity Act will provide new mechanisms for authorities to bolster union-wide security practices
-
The EU's 'long-arm' regulatory approach could create frosty US environment for European tech firmsAnalysis US tech firms are throwing their toys out of the pram over the EU’s Digital Markets Act, but will this come back to bite European companies?
-
EU AI Act risks collapse if consensus not reached, experts warn
Analysis Industry stakeholders have warned the EU AI Act could stifle innovation ahead of a crunch decision
-
Three quarters of UK firms unprepared for NIS2 regulations, study findsNews Senior management can be held personally liable for non-compliance under NIS2 rules
-
US-UK data bridge: Everything you need to knowNews The US-UK data bridge will ease the complexity of transatlantic data transfers
