EU governments and lawmakers agree on tougher cybersecurity rules for key sectors

European Union lawmakers agreed on Friday to toughen cybersecurity rules for big energy, transport and financial firms, digital providers and medical device makers, amid concerns about cyberattacks by state actors and other malicious actors.

Two years ago, the European Commission proposed rules on the cybersecurity of networks and information systems called the NIS Directive 2, broadening the scope of the current rule known as the NIS Directive.

The new rules cover all medium and large companies in essential sectors – energy, transport, banking, financial market infrastructure, health, vaccines and medical devices, drinking water, wastewater, digital infrastructure, public administration and space.

All medium and large companies in postal and courier services, waste management, chemicals, food manufacturing, medical devices, computers and electronics, machinery and equipment, passenger vehicles and engines, and digital providers such as online marketplaces, online search engines and social networking service platforms will also fall under the rules.

Companies are required to assess their cybersecurity risk, notify the authorities and take technical and organizational measures to counter the risks, with fines of up to 2% of global turnover for non-compliance.

EU countries and the European cybersecurity agency ENISA could also assess the risks of critical supply chains under the rules.

“Cyber threats have become bolder and more complex. It was imperative to adapt our security framework to the new realities and ensure that our citizens and infrastructure are protected,” said European industry chief Thierry Breton in a press release.