EU Governments, Lawmakers Agree on Tougher Cybersecurity Rules for Key Sectors

EU countries and legislators agreed on Friday on tougher cybersecurity rules for large energy, transport and finance companies, digital suppliers and manufacturers of medical devices, amid concerns about cyber attacks by state actors and other malicious actors.

Two years ago, the European Commission proposed rules on the security of network and information systems, called the NIS 2 Directive, which extends the scope of the current rules, known as the NIS Directive.

The new rules cover all medium-sized and large companies in key sectors – energy, transport, banking, financial market infrastructure, health, vaccines and medical devices, drinking water, wastewater, digital infrastructure, public administration and space.

All medium and large companies in postal and courier services, waste management, chemicals, food manufacturing, medical equipment, computers and electronics, machinery, motor vehicles and digital providers such as online marketplaces, online search engines and social networking service platforms will also be subject to the rules.

Companies are required to assess their cybersecurity risk, notify authorities and take technical and organizational measures to counter the risks, with fines of up to 2% of global turnover for non-compliance.

Under the rules, EU countries and the EU’s cybersecurity agency ENISA could also assess the risks of critical supply chains.

“Cyber threats have become bolder and more complex. It was imperative to adapt our security framework to the new realities and to ensure that our citizens and infrastructures are protected,” said EU Industry Director Thierry Breton in a statement.
