EU Agrees New Cybersecurity Legislation for Critical Services Organizations

EU Agrees New Cybersecurity Legislation for Critical Services Organizations


The European Union (EU) has reached a political agreement on new legislation that will impose common cybersecurity standards on critical organizations in the sector.

The new directive will replace the existing EU rules on the security of networks and information systems (NIS Directive), which requires an update due to the “increased degree of digitization and interconnection of our society and the ‘increasing the number of cyber-malicious activities worldwide’. . ”

The NIS 2 Directive will cover medium and large organizations operating in critical sectors. These include providers of electronic communications utilities, digital services, wastewater and waste management, critical product manufacturing, postal and courier services, healthcare and public administration.

Among the provisions of the new legislation are the reporting of cybersecurity incidents to the authorities within 24 hours, the correction of software vulnerabilities and the preparation of risk management measures.

It also aims to create stricter enforcement requirements and harmonize sanctions regimes among member states. Essential service operators would face fines of up to 2% of annual turnover for non-compliance, while for major service providers, the maximum fine would be 1.4%.

The measures were initially proposed by the EU Commission in December 2020.

The political agreement will have to be formally approved by the EU member states and the European Parliament. Once approved, Member States will have to transpose the new requirements into national law within 21 months.

Commenting on the announcement, Margrethe Vestager, Executive Vice President of a Digital Europe, said: “We have been working hard for the digital transformation of our society. In recent months, we have launched a number of building blocks, such as the Digital Markets Act and the Digital Services Act.Today, Member States and the European Parliament have also reached an agreement on NIS 2. This is another important step forward in our digital strategy. European Union, this time to ensure that citizens and businesses are protected and have access to essential services ”.

Margaritis Schinas, Vice President of Promoting Our European Lifestyle, stated: “Cybersecurity has always been essential to protecting our economy and our society from cyber threats; it is becoming critical as we move forward in the digital transition. The current geopolitical context makes it even more urgent for the EU to ensure that its legal framework is appropriate for its purpose. By accepting these stronger standards, we are fulfilling our commitment to improving our cybersecurity standards in the EU. Today, the EU is showing its clear determination to defend its readiness and resilience in the face of cyber threats, which are aimed at our economies, our democracies and peace. “

The announcement follows a series of significant cybersecurity initiatives by government agencies. These include President Joe Biden’s Executive Order last year requiring zero confidence in federal agencies, new legislation in the U.S. imposing information obligations on critical infrastructure organizations, and the bill. Telecommunications Product and Infrastructure Security (PSTI) in the UK, which will set new cybersecurity standards for manufacturers. , importers and distributors of connectable devices on the Internet.

Last year, the EU set out plans to set up a Joint Cyber ​​Unit to improve its ability to respond to growing cyber attacks on member states.



Source link

Related post

EDUCAUSE 2022: How Data Collection Can Improve Student and Faculty IT Support

EDUCAUSE 2022: How Data Collection Can Improve Student and…

At Indiana University, Gladdin said, to make life easier for students and faculty, they implemented a course template for the Canvas…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…
UGC, AICTE warn students against online PhD programmes offered by EdTech platforms | Latest News India

UGC, AICTE warn students against online PhD programmes offered…

The University Grants Commission (UGC) and the All India Council for Technical Education (AICTE) on Friday issued a joint advisory against…

Leave a Reply

Your email address will not be published.