|
 Internet
firms to be subject to new cybersecurity rules in EU
Send a link to a friend
[August 08, 2015]
By Julia Fioretti
BRUSSELS (Reuters) - Internet firms such
as Cisco <CSCO.O>, Google <GOOGL.O> and Amazon <AMZN.O> will be subject
to a new EU cybersecurity law forcing them to adopt tough security
measures and possibly report serious breaches to national authorities,
according to a document seen by Reuters.
|
|
 The so-called Network and Information Security Directive has been
stuck in talks between member states and EU lawmakers because of
disagreements over whether to include digital platforms such as
search engines, social networks, e-commerce sites and cloud
computing providers.
Members of the European Parliament want the law to only cover
sectors they consider critical, such as energy, transport and
finance.
But after months of negotiations, digital platforms will now fall
under the law's remit, albeit with less onerous security
obligations, according to the document, which did not provide
details of the obligations.
The paper from Luxembourg, which holds the rotating European Union
presidency, suggests adopting a lighter approach for digital service
platforms which typically do not have direct links to physical
infrastructure such as, for example, a nuclear power company.
Any firm meeting the law's definition of a digital service platform
-- which is still under discussion -- would automatically be covered
to avoid member states taking different approaches and causing
fragmentation across the 28-nation EU.
A cloud computing provider or any other digital firm providing a
service for an infrastructure operator would be subject to the same
rules applying to that operator, according to the document, which
could still change in discussions after the summer.
Internet firms will also be subject to notification requirements in
cases of security breaches, although there is no agreement yet on
whether these should be mandatory or voluntary.
[to top of second column] |
The paper asks member states to express their preferences at a
meeting in September, after which drafting of a full legal text will
start.
Firms in the digital sphere oppose being included in the law's
scope.
"We’re pleased to see digital service platforms subject to a
different regime but we’re disappointed at the lack of recognition
that it is the use of cloud that determines the security risk not
the service itself," said Chris Gow, Senior Manager, Government
Affairs at Cisco.
The European Commission -- the EU executive -- and some member
states reckon that because of the widespread use of Internet
services and the number of businesses that rely on the web they
should also be subject to security rules and reporting requirements.
Currently there is no pan-European cybersecurity law and only
telecoms operators are subject to the incident-reporting
requirements.
(Editing by Mark Potter)
[© 2015 Thomson Reuters. All rights
reserved.] Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
