EU Lawmakers Sign First Cybersecurity Deal With European Council

MOSCOW (Sputnik) – European lawmakers have struck a first cybersecurity deal with the European Council to require internet giants and companies that play an essential role in society ensure the security of their infrastructure and report any security breaches, the European Parliament announced.

"A milestone has been achieved: we have agreed on the first ever EU-wide cyber-security rules, which the Parliament has advocated for years," European Parliament (EP) rapporteur Andreas Schwab said in a press release, late on Monday.

Under the new rules, online marketplaces, search engines and cloud database providers, including eBay, Amazon and Google, will be required to maintain their infrastructure's security and report any "major incidents" to national governments. Social networks are said to be excluded from the directive.

The Network and Information Security Directive, subject to formal approval from the European Parliament, is said to harmonize the fragmented cybersecurity regulations of the European Union's 28 member states. A strategic cooperation group has been established to exchange information, draft guidelines and assist member states in building cybersecurity capacity.

The directive requires transport, banking, health, financial market, water supply and energy companies to boost their digital infrastructure to withstand cyberattacks and report serious security breaches.

Essential operators will be specifically identified based on their importance to society and the economy, their dependence on network and information systems, and the scope of a cyberattack's impact on the company's operations and public safety.

EU officials estimate that security incidents caused by human and technical error, as well as malicious attacks, cost the bloc up to $370 billion annually.

The European Commission first proposed the Network and Information Security Directive in 2013.