Home Knowledge Information Security

Information Security

December 8, 2015
Partner
Leo Moore

In a bid to respond effectively to cyber threats, the EU institutions and individual Member States have adopted EU-level and national cybersecurity strategies and regulation. The Network and Information Security Directive, which was proposed by the Commission in 2013, has been negotiated between the European Parliament and the Council in response to increasing concerns about cyber attacks resulting in security and privacy breaches. It will impact on a wide range of organisations including businesses in sectors such as energy, transport, banking, financial market and health. In addition, some internet services providers, such as online marketplaces, search engines and clouds will also have to ensure the safety of their infrastructure.

The text was agreed by member States on 18 December 2015 and it is currently undergoing technical finalisation. It still needs to be formally approved by Parliament’s Internal Market Committee and the Council Committee of Permanent Representatives before a date can be set for implementation of the Directive.

The Directive aims to ensure a high common level of cybersecurity in the EU, by:

  • Improving Member States’ national cybersecurity capabilities through setting out concrete policy and regulatory measures to maintain a level of network and information security.
  • Improving cooperation between Member States, and between public and private sector bodies against risks and incidents affecting network and information systems.
  • Requiring companies in critical sectors – such as energy, transport, banking and health – as well as key Internet services to adopt risk management practices and report major incidents to the national authorities.

The European Commission’s Vice President for the Digital Single Market, Andrus Ansip, said the new law would build up consumers’ trust in Internet services, especially cross-border services.

With a decision reached, the Network and Information Security Directive will have a major impact on many public bodies and businesses. Under the new measure, for the first time in the EU there will be an information security framework with national regulatory authorities and European-wide information security standards.

Businesses in impacted sectors should urgently review their information security resources, policies and procedures to prepare for the new law.

Follow us on Twitter @WFIDEA

Contributed by: John Magee

 

Recommended Insights

See all
Article and Insights
1
Feb 2024
Responsible Business Annual Report 2023
William Fry is pleased to launch its Responsible Business Annual Report 2023.
Article and Insights
2
Feb 2024
Digital Operational Resilience Act – second batch of technical standards launched for consultation
We focus on the second batch of draft implementation measures announced by the Eur...
WF_author_blank
Partner
John O’Connor
Article and Insights
2
Feb 2024
John Delaney Documents – Supreme Court Refuses Leave to Appeal
The Supreme Court has refused leave to appeal from a decision rejecting John Delan...
WF_author_blank
Partner
Deirdre O’Donovan
Article and Insights
24
Jan 2024
Cross-Examining Affidavit Evidence in Insolvency Cases
The High Court recently dismissed a petition seeking the winding up of a biofuel c...
WF_author_blank
Partner
Fergus Doorly
prev
next
See all