Network and information security
Executive consults on possible legislative proposal
By Manon Malhère | Monday 23 July 2012
The European Commission opened a consultation, on 23 July, on network and information security (NIS) with a view to presenting a legislative proposal.
It is inviting interested parties (governments, businesses and citizens) to share their experiences on cyber incidents that can affect NIS, and on possible responses that could be adopted by the EU.
Online attacks are becoming more and more frequent, and cyber incidents can also be triggered by natural disasters, human error or technical failure, as well as by malicious attacks, espionage, terrorism or state-sponsored activity.
The aim of this consultation is to help the Commission to prepare a legislative proposal. It could propose the introduction of requirements for risk management and reporting of security breaches affecting NIS, which are critical to the provision of key services, such as in the financial, energy and transport sectors. For now, the electronic communications sector is the only one where companies are required under EU law to adopt risk management practices and report security incidents (Directive 2002/21, revised in 2009). The Commission is also considering introducing rules governing the internet.
The legislative text will be an important element of the EU’s strategy on cyber security, which will be published by the Commission in the next few months.
(1) The consultation is available at ec.europa.eu/yourvoice/ipm/forms/dispatch?form=securitystrategy2