TelecomTV TelecomTV
  • News
  • Videos
  • Channels
  • Events
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • Digital Platforms and Services
  • Open RAN
  • Cloud Native Telco
  • Telcos and Public Cloud
  • The Green Network
  • Private Networks
  • Open Telco Infra
  • 5G Evolution
  • Access Evolution
  • Edgenomics
  • Network Automation
  • 6G Research and Innovation
  • Security
  • More Topics
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • |
  • About
  • Contact
  • |
  • Connect with us
  • Digital Platforms and Services
  • Open RAN
  • Cloud Native Telco
  • Telcos and Public Cloud
  • The Green Network
  • Private Networks
  • Open Telco Infra
  • 5G Evolution
  • Access Evolution
  • Edgenomics
  • Network Automation
  • 6G Research & Innovation
  • Security
  • Connect with TelecomTV
  • About
  • Privacy
  • Help
  • Contact
  • Sign In Register Subscribe
    • Subscribe
    • Sign In
    • Register
  • Search

Policy & Regulation

Policy & Regulation

First pan-European cyber-security law to be enacted

Martyn Warwick
By Martyn Warwick

Dec 9, 2015

via Flickr © fdecomite (CC BY 2.0)

via Flickr © fdecomite (CC BY 2.0)

  • New Network and Information Security Directive codifies legal responsibilities of Internet companies.
  • Those classified as "essential services" must report all serious breaches of their networks and systems.
  • List includes the likes of Amazon, Cisco, eBay and Google but not social networks such as Facebook and Yahoo.
  • Firms face fines of 5 per cent of global turnover if they fail to report incidents

Legislators have agreed on the basis and principles upon which to fashion the European Union's (EU) first cyber-security law: the Network and Information Security Directive (NISP). Remarkably, the accord came following a mere five-hour-long discussion between the European Parliament and the individual governments of the 28 member states of the EU - a rare event indeed and evidence of genuine political accord and just how seriously the EU now takes the ever-increasing threats and incidences of cyber attacks and the resultant breaches of security and privacy and bringing down of vital commercial and governmental networks and Internet sites.

One of the central tenets of the new law is that ISPs such as Amazon. eBay and Google will be legally bound to report all 'serious breaches' of their networks to the national governments of the EU member states and systems or face serious sanctions. However, social networking sites such as Facebook and Yahoo will not be subject to the same requirements or penalties.

Andus Ansip, the former Prime Minister of Estonia, is now at the European Commission (EC) overseeing the development of Europe's Digital Single Market with the remit to make Europe a world leader in ICT and to fight cybercrime.  He commented, “Trust and security are the very foundations of a Digital Single Market. If we want people and businesses to use and make the most of connected digital services, they need to trust them to be secure in the case of attack or failure.”

Mr. Ansip added, "The Internet knows no borders - a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cyber-security solutions. This agreement is an important step in this direction. The new law will build-up consumers' trust in Internet services, especially cross-border services."

The Network and Information Security Directive codifies in law the security and reporting obligations incumbent on companies and enterprises in what are classified as 'critical and essential sectors'. These include, energy, health, finance and transport.

German MEP, Andreas Schwab, who oversaw the law's passage through the European Parliament said, "Germany pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents. Member states will have to cooperate more on cyber-security – which is more important than ever in light of the current security situation in Europe."

It means that the likes of Amazon, Cisco, Google and Microsoft have been classified as 'essential service providers, alongside the likes of energy, banking, healthcare and transport companies, and they too will be required to report any attacks or breaches.

Andus Ansip again: “We need EU-wide cyber-security solutions. The agreement is an important step in this direction, but we cannot stop here: we plan an ambitious partnership with the industry in the coming months to develop more secure products and services.”

Günther Oettinger, the EU's Commissioner for the Digital Economy and Society, observed, "The agreement constitutes a major step in improving the resilience of our network and information systems in Europe. Improving cooperation and information exchange between Member States is a key element of the agreed rules and will help us tackle the increasing number of cyber-attacks.”

Now the text of the political agreement will be approved by the European Parliament and the Council. After that  it will gazetted in the EU Official Journal and thus become European law. Henceforth it will be incumbent on relevant businesses and organisations to make themselves completely familiar with their responsibilities under the terms of the new legislation and as "operators of essential services” must be prepared to take all “appropriate security measures” and notify serious incidents to the relevant national body.

The EC expects that the new law will have the effect of making companies much more honest and transparent about the security breaches they suffer and will force the senior management and boards of directors of such enterprises publicly to declare and reveal that a cyber-security breach has happened; something that, in the past, many companies have been most unwilling to acknowledge. Should they fail to so so once the new law is in place, the companies face fines of five per cent of their global revenues.

Related Topics
  • Analysis & Opinion,
  • Business Models,
  • News,
  • Policy & Regulation,
  • Privacy,
  • Security

More Like This

Security

What’s up with… Ericsson, Vodafone, Cellnex and Vapor IO

Jan 12, 2023

5G Evolution Summit

5G for fixed wireless access deployments

Oct 20, 2022

Access Evolution

What’s up with… FCC, Spirent, HPE and VMware

Aug 9, 2022

Access Evolution

Will Rosenworcel finally move and push Gigi Sohn into the FCC seat?

Aug 5, 2022

Security

FCC Acts to Stop International Robocall Scams

May 23, 2022

Email Newsletters

Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.

Subscribe

Top Picks

Highlights of our content from across TelecomTV today

10:43

MWC23 interview: Mari-Noëlle Jégo-Laveissière, deputy CEO of Orange

12:45

MWC23 interview: Abdu Mudesir, Group CTO, Deutsche Telekom

9:26

MWC23 interview: Greg McCall, Chief Networks Officer, BT

TelecomTV
Company
  • About Us
  • Media Kit
  • Contact Us
Our Brands
  • DSP Leaders World Forum
  • Great Telco Debate
  • TelecomTV Events
Get In Touch
[email protected]
+44 (0) 207 448 1070
Connect With Us

  • Privacy
  • Cookies
  • Terms of Use
  • Legal Notices
  • Help

TelecomTV is produced by the team at Decisive Media.

© Decisive Media Limited 2023. All rights reserved. All brands and products are the trademarks of their respective holder(s).