Digital Platforms To Be Included In EU Cybersecuity Law

The attempt by the European Union to strengthen data security with its proposed cyber security rules will now include digital platforms.

This means that firms such as Google, Amazon and Facebook could have to compile with new cybersecurity rules that focus on risk management and breach reporting requirements in particular.

Reporting Law

The EU first proposed its cybersecurity legislation back in July 2012. Known as the ‘Network and Information Security Directive’, the rules were originally only aimed at critical industries such as energy, transport and finance.

“As far as network and information systems are concerned, the aim would be to enhance preparedness, strengthen the resilience of critical infrastructure as well as to foster a cyber security culture in the EU,” it said back in 2012.

“The Commission is considering the introduction of a requirement to adopt risk management practices and to report security breaches affecting networks and information systems that are critical to the provision of key economic and societal services,” it added.

But the proposed legislation has faced some criticism over the intervening years, as well as a stiff debate between member states as to whether digital platforms (cloud computing platforms, search engines, e-commerce websites etc) should be included in the new law.

This could potentially mean that companies like Amazon, Google and Facebook would be required by law to report serious breaches to national authorities, at least according to a document seen by Reuters. It said that following months of negotiations, digital platforms will now fall under the law’s remit, albeit with less onerous security obligations.

Details about the less onerous security obligations for digital platforms was not included in the paper that Reuters saw.

Tech Reservations

It should be noted at this point that the Network and Information Security Directive is still being debated, and a meeting is scheduled for September for nation states to express their own preferences, after which the drafting of the full legal text will begin.

What all this essentially means that is a cloud computing provider or any other digital firm providing a service for an infrastructure operator for example, would be subject to the same rules that apply to that operator.

Predictably, this has not gone down well in the tech industry.

“We’re pleased to see digital service platforms subject to a different regime but we’re disappointed at the lack of recognition that it is the use of cloud that determines the security risk not the service itself,” Chris Gow, Senior Manager, Government Affairs at Cisco was quoted by Reuters as saying.

Have you got security skills? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago