Google, Amazon, and other large service providers that store vast amounts of personal data, face the possibility of having to report major security blunders to national authorities in the EU.
A set of proposed new rules for what the European Union has sadly insisted on describing as “cyber-security” were backed by MEPs on the internal market committee on Thursday.
The draft Network and Information Systems (NIS) directive still has to pass muster with the European Council and the European Parliament once it has been eyeballed by legal eagles.
The rules—which, according to German politico Andreas Schwab, will require search engine, cloud, and marketplace providers to “notify structured attacks to national authorities”—were tentatively waved through by MEPs and Council negotiators late last year.
It’s hoped that the new rules will bring about a more cohesive approach to security measures across the 28-member-state bloc.
“Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents,” Schwab said.
“Member states will also have to cooperate more on cybersecurity—which is even more important in light of the current security situation in Europe.”
The proposed rules, which will exclude smaller online players from the scope of the directive, were approved by 34 votes to two by MEPs sitting on the internal market committee.
If the measures get the go-ahead, EU member states will be required to identify key operators of essential services and networks, such as online banking.
A full plenary vote on the planned rules is expected later this year. If approved, member states will have 21 months to transpose the directive into national laws.
SOURCE: Kelly Fiveash | Ars Technica