EU Strikes Cybersecurity Deal to Make Companies Boost Defenses

  • Internet firms like Google would have to report attacks
  • `First ever' EU-wide cybersecurity rules close to becoming law
Photographer: Simon Dawson/Bloomberg, Illustration by Tom Hall/Bloomberg

The European Union moved to step up cybersecurity across its 28 nations by agreeing to new rules obliging businesses to strengthen defenses and forcing companies such as Google Inc. and Inc. to report attacks.

The law, which still needs to be formally approved, would mandate all EU countries to share more intelligence and would require search engines, online cloud services and Internet retail sites, to ensure infrastructure is secure, the European Parliament said in a statement.

“Critical operators” in industries including energy, transport, health and banking, “will have to fulfill security measures and notify significant cyber incidents,” Andreas Schwab, the lead lawmaker on the draft legislation, said in an e-mailed statement. The law would comprise the “first ever EU-wide cybersecurity rules.”

The agreement comes as U.S. lawmakers intensify their push to give law enforcement agencies access to encrypted communications after recent terrorist attacks. Companies such as Google, Apple Inc., and Yahoo! Inc. incorporated stronger encryption in their products after revelations of U.S. spying were exposed by former U.S. contractor Edward Snowden in 2013.

The new EU rules must still be approved by the bloc’s parliament and by representatives of each nation before they can come into force.

Before it's here, it's on the Bloomberg Terminal.