EU institutions agreed on EU Cybersecurity Directive


For the first time, EU institutions agreed that companies providing essential services must be cyberattack-proof. Critical operators in crucial sectors such as

transport and energy companies will have to ensure that the digital infrastructure that they use to deliver essential services, such as traffic control or electricity grid management, is robust enough to withstand cyber-attacks…Online marketplaces like eBay or Amazon, search engines and clouds will also be required to ensure that their infrastructure is secure.

Companies shall also be ready to report security breaches to public authorities.

The “operators of essential services” will be identified by the member States based on a) whether the service is critical for society and the economy, b) whether it depends on network and information systems and c) whether an incident could have significant disruptive effects on its provision or public safety.

The final text of the Cyber Security Directive is not yet available as it still has to be formally approved by Parliament and Council. Once published in the EU Official Journal, member States will have 21 months to transpose the Directive into national law.

The press release MEPs close deal with Council on first ever EU rules on cybersecurity is available at…

For more information, Francesca Giannoni-Crystal

Follow us on& Like us on