At our recent in-house lawyer seminars, we discussed the proposed European Commission directive for network and information security.
The UK Government has issued a call for evidence in relation to the proposed directive, and is preparing an initial impact assessment on its potential effects on the UK.
The proposed directive will oblige all EU member states to produce a national cybersecurity strategy and to establish a computer emergency response team to help organisations respond to computer security incidents and advise on reducing their threat exposure.
Member states would face mandatory information sharing, and would see the creation of an EU cooperation plan and early warnings for cyber incidents, in addition to the requirement to report to a ‘competent authority’ any security breaches that have a significant impact on the provision of services.
This would affect a number of sectors, including public administration, finance, energy, transport and health, as well as ‘enablers of internet society services’, i.e. app stores, cloud service providers, social networks and e-payment providers.