First EU-wide legislation on Cybersecurity agreed - Main contents
Every day, cybercrime and cyberattacks cause major economic damage to European businesses and our economy. This amounts to hundreds of billions of euro each year. Even ordinary families and children cannot escape this risk.
Earlier this month it became public that hackers have obtained names, passwords, homes addresses and birthdays of 5 million adults and 200,000 children from VTech, a Chinese toy manufacturer whose toy tablets, phones, and baby monitors may be in your homes or waiting under the Christmas tree. I will not sit back and let these criminals and cyber terrorists attack our businesses, intrude into our private lives and destroy trust in our digital economy and society. We must combat these cyber-threats together and with great urgency.
I am very happy that late last night the European Parliament and the Luxemburgish Presidency of the Council reached a political agreement on a proposal of the European Commission on a common level of network and information security in the EU. This agreement is a major step in raising the level of cybersecurity in Europe, one of the objectives of the EU cybersecurity strategy and a cornerstone in our efforts towards a Digital Single Market.
The new rules act on three levels:
Firstly, they will improve cybersecurity in EU countries. Each Member State is obliged to have a national strategy, to identify who will enforce this and to set up a Computer Security Incident Response Team to handle incidents and risks.
Secondly, and because the internet and cyber-attacks don't stop at national borders, the rules will help Member States and their Computer Security Incident response teams to cooperate on cybersecurity issues and to share information about risks.
Finally the rules mean that operators of essential services - like power companies, financial institutions, transport providers, healthcare and digital infrastructure - and those who provide the online marketplaces, search engines and cloud computing services at the heart of the digital economy, must take appropriate security measures and inform the authorities when they have a cyber- incident.
The rules will make digital networks and services more secure and reliable. Consumers will have more confidence in the technologies, services and systems they rely on day-to-day. The EU economy will benefit as sectors that depend on Network and Information Security will be backed up by cybersecurity teams at home and across Europe. Governments and businesses can be confident that digital networks and critical infrastructure such as the electricity, gas and transport sectors can securely provide their essential services at home and across borders.
This is a crucial step for the Digital Single Market. The rules take a fully harmonised approach to the regulation of digital players across the single market. Europe has struck the right balance here making it possible to provide services on the basis of a single set of rules in the EU, but without placing un-due burden on these companies which are central to Europe's future competitiveness.
We must not stop here. To stimulate the competitiveness and innovation capacities of the digital security and privacy industry in Europe, I will establish a contractual public-private partnership on cybersecurity in 2016, as announced in the Digital Single Market strategy. We will launch a public consultation to help us prepare this before the end of the year.
This initiative should be instrumental in structuring research and innovation for digital security in Europe, ensuring that there will be a sustained supply of innovative cybersecurity products and services. I want European citizens and businesses to have access to the latest digital security technology developments, secured infrastructures and best practices, which are trustworthy and based on European rules and values.
Read more ...