European Union’s First Cybersecurity Law Gets Green Lightby
Industries from banks to energy face security, reporting rules
Nations must also cooperate on network security matters
The European Union approved its first rules on cybersecurity, forcing businesses to strengthen defenses and companies such as Google Inc. and Amazon.com Inc. to report attacks.
The European Parliament endorsed legislation that will impose security and reporting obligations on service operators in industries such as banking, energy, transport and health and on digital operators like search engines and online marketplaces. The law, voted through on Wednesday in Strasbourg, France, also requires EU national governments to cooperate among themselves in the field of network security.
The rules “will help prevent cyberattacks on Europe’s important interconnected infrastructures,” said Andreas Schwab, a German member of the 28-nation EU Parliament who steered the measures through the assembly. EU governments have already supported the legislation.
Network-security incidents resulting from human error, technical failures or cyberattacks cause annual losses of 260 billion euros ($288 billion) to 340 billion euros, the EU Parliament said, citing estimates by the bloc’s agency for network and information security.