The proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union was put forward by the European Commission in 2013. Two years later, the Parliament and the Council have agreed on a set of measures to boost the overall level of cybersecurity in the EU.
The new rules will:
- improve cybersecurity capabilities in Member States
- improve Member States' cooperation on cybersecurity
- require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services like search engines and cloud computing, to take appropriate security measures and report incidents to the national authorities.
Following this political agreement, the text will have to be formally approved by the European Parliament and the Council. Upon publication of the adopted text in the Official Journal, the Member States will have 21 months to implement this Directive into their national laws and 6 months more to identify operators of essential services.
For more information, read the press release.
You can find here the original text of the Directive, as proposed in 2013. The new text will be available once adopted.