The European Union (EU) is close to passing a uniform set of cybersecurity rules that would require all members to implement a “mandatory data breach notification and establish their own cyberattack response teams.” Currently, the EU has no approach to cybersecurity or incident reporting, but this new set of rules, referred to as the network and information systems (NIS) directive, is gaining traction after winning endorsement from an overwhelming majority of its internal market committee. If the rules are passed by the EU Council and full Parliament, which will likely be the case, the EU’s first-ever uniform set of cybersecurity rules will go into effect.
Andreas Schwab, the EU parliamentarian driving the reforms, claims “Parliament has pushed hard for a harmonized identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify [authorities of] significant cyber incidents.” Additionally, EU member states will have to devote more attention to cooperating on cybersecurity. Cybersecurity has certainly been a hot topic in recent months, as the U.S. recently passed the Cybersecurity Information Sharing Act, which has similar information sharing provisions.