New legislation sets tighter requirements for businesses, administrations, infrastructure
Differing national cybersecurity measures make the EU more vulnerable
New “essential sectors” covered such as energy, transport, banking, health
Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs on Thursday.
The legislation, already agreed between MEPs and the Council in May, will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions.
More entities and sectors will have to take measures to protect themselves. “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors will be covered by the new security provisions.
During negotiations, MEPs insisted on the need for clear and precise rules for companies, and pushed for the inclusion of as many governmental and public bodies as possible within the scope of the directive.
The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation.
It also establishes a framework for better cooperation and information sharing between different authorities and member states and creates a European vulnerability database.