New EU cybersecurity rules coming!

It’s not just the Chinese and Russian governments that are trying to figure out how to deal with big foreign Internet companies doing business in their countries.

An upcoming Cybersecurity Directive from the European Union could see tech giants like Google, Cisco and Amazon having to comply with strict security requirements, including having to report data breaches to governments that are part of the EU.

Under the terms of the Network and Information Security Directive—which was originally proposed by the executive body of the EU in 2013 to counter security threats—cloud computing providers, search companies, and even social networks could be held to the same security requirements as companies operating in industries that the EU deems critical to protect. These could include the energy, transportation, and finance industries.

Apparently, EU members debated whether to lump web companies in with companies operating in sectors they consider critical, such as energy, transport and finance, and ultimately decided to do so. The difference is that web companies would face “less onerous security obligations,” although it’s unclear what those obligations are, the report states.

Various reports note that the details of the law are still subject to change, and countries in the EU will meet in September to discuss them before the “drafting of a full legal text will start.”

The EU directive comes at a time when countries like Russia and China have created their own cybersecurity laws that could potentially impact the way foreign web companies conduct business outside of their home countries.

Together with the proposed EU data protection regulation, the Network and Information Security Directive, once adopted, will have an important impact on many public bodies and businesses.

For the first time in the EU, there will be an information security regulatory framework with national authorities and European-wide information security standards.

Notwithstanding the considerable delay to the adoption of the Security Directive to date (June 2015 was the initial target adoption date), the new president of the European Council has given fresh impetus to implementing the Security Directive, and the update on 29 June 2015 suggests that it is one step closer to being adopted. It is also interesting to note that the member states called for a “rapid adoption” of the Security Directive at the European Council meeting last week.

Therefore, it is still safe to assume that the Security Directive will be adopted in time. This will deal a blow to the many who would still like the European Union to impose a more voluntary, industry-led set of standards.

Bob Pike

Technologist/Corporate Development

9 years ago

There is an issue with just targeting ISO 27001 and 27002, as there is a need to have ISO 28000 for the complete value chain/cross platform in Cyber Security areas of responsibility.

Mo Ayoubb

Business Development & Senior Inside Sales @ Propseller | Proptech

9 years ago

Most should be targeting an ISO 27001 licence, I believe.
