Digital Platforms To Be Included In EU Cybersecuity Law

The attempt by the European Union to strengthen data security with its proposed cyber security rules will now include digital platforms.

This means that firms such as Google, Amazon and Facebook could have to compile with new cybersecurity rules that focus on risk management and breach reporting requirements in particular.

Reporting Law

The EU first proposed its cybersecurity legislation back in July 2012. Known as the ‘Network and Information Security Directive’, the rules were originally only aimed at critical industries such as energy, transport and finance.

“As far as network and information systems are concerned, the aim would be to enhance preparedness, strengthen the resilience of critical infrastructure as well as to foster a cyber security culture in the EU,” it said back in 2012.

“The Commission is considering the introduction of a requirement to adopt risk management practices and to report security breaches affecting networks and information systems that are critical to the provision of key economic and societal services,” it added.

But the proposed legislation has faced some criticism over the intervening years, as well as a stiff debate between member states as to whether digital platforms (cloud computing platforms, search engines, e-commerce websites etc) should be included in the new law.

This could potentially mean that companies like Amazon, Google and Facebook would be required by law to report serious breaches to national authorities, at least according to a document seen by Reuters. It said that following months of negotiations, digital platforms will now fall under the law’s remit, albeit with less onerous security obligations.

Details about the less onerous security obligations for digital platforms was not included in the paper that Reuters saw.

Tech Reservations

It should be noted at this point that the Network and Information Security Directive is still being debated, and a meeting is scheduled for September for nation states to express their own preferences, after which the drafting of the full legal text will begin.

What all this essentially means that is a cloud computing provider or any other digital firm providing a service for an infrastructure operator for example, would be subject to the same rules that apply to that operator.

Predictably, this has not gone down well in the tech industry.

“We’re pleased to see digital service platforms subject to a different regime but we’re disappointed at the lack of recognition that it is the use of cloud that determines the security risk not the service itself,” Chris Gow, Senior Manager, Government Affairs at Cisco was quoted by Reuters as saying.

Have you got security skills? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago