Policy & Law
The European Union has officially published guidelines for a central cybersecurity framework that will allow countries to share information about threats and require companies to disclose when they've suffered major security breaches. The proposal, which was first reported last month, must be approved by the European Parliament before going into effect; it's meant to improve what the EU calls "fragmented" past efforts. If it's passed, countries will have 18 months to adopt a Network and Information Security plan, and to designate an authority to manage cybersecurity. From there, the EU will organize a system to share information and conduct peer reviews of individual countries' systems, though it says it's not looking to dictate specific policies.
A larger effort to centralize cybersecurity
Currently, EU cybersecurity is primarily managed by the European Network and Information Security Agency (ENISA), and this proposal will build on previous laws and projects, with ENISA helping member states develop their own framework. It's a change from previous piecemeal or voluntary systems, but not an unprecedented one. Currently, telecommunication companies must report security, but under this framework, cloud service providers, banks, energy and transportation companies, and others would all need to create a cybersecurity plan and disclose major online attacks. A European Cybercrime Center (EC3), meant to help consolidate cybercrime investigations across Europe, previously opened in mid-January.
We'll email you a reset link.
If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.
Choose an available username to complete sign up.
In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.