New EU Cybersecurity Rules Should Promote Security Mitigation, Avoid Compliance Red Tape

By Heather Greenfield
December 16, 2020

Brussels, BELGIUM — The European Commission published today a legislative proposal to update the 2016 Network and Information Security Directive. 

The proposal aims to reduce regulatory inconsistencies across the EU’s internal market, and it encourages security information sharing to help companies effectively address future cybersecurity risks. But the proposal also suggests that cloud computing providers, data centres, electronic communications services, and Content Delivery Network providers be supervised in the same way that more high-risk electricity and gas suppliers are. The proposal also sets out a minimum threshold for sanctions and fines of up to 2 percent of annual turnover.

Today’s proposal is part of a broader EU Strategy to address cybersecurity risks. The package also includes a review of the Critical Infrastructure Protection directive, plans to increase actionable information sharing among Member States and stakeholders (“Cyber Shield”), and the creation of a Joint Cyber Unit. The plans also propose made-in-Europe solutions that would exclude non-EU service providers from supporting the EU’s efforts on keeping critical communications and data assets secure. The EU is finally looking to support the emergence of a public European DNS resolver service, and the introduction of a possible duty of care for IoT hardware manufacturers and service providers that risk departing from globally accepted norms. 

On the Network and Information Security Directive proposal, the following can be attributed to Alexandre Roure, CCIA Public Policy Senior Manager:

“It is positive that the proposal seeks to harmonise national rules and encourage information sharing for companies to better manage security risks across Europe. However, we hope the final rules will better support companies’ cybersecurity preparedness while avoiding unnecessary compliance burdens.”
