EU lawmakers, countries agree on bloc's first cyber security law

The European Commission's digital chief, Mr Andrus Ansip, said the new law would build up consumers' trust in Internet services.
The European Commission's digital chief, Mr Andrus Ansip, said the new law would build up consumers' trust in Internet services.PHOTO: REUTERS

BRUSSELS (REUTERS) - European Union (EU) lawmakers and member states struck a deal on the bloc's first cybersecurity law on Monday (Dec 7) that will force Internet firms such as Google and Amazon to report serious breaches or face sanctions.

The deal, following five hours of negotiations between the European Parliament and EU governments, was reached in response to increasing worries about cyber attacks resulting in security and privacy breaches.

The European Commission's digital chief, Mr Andrus Ansip, said the new law would build up consumers' trust in Internet services, especially cross-border services.

"The internet knows no border - a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cyber security solutions. This agreement is an important step in this direction," he said.

The new law, known as Network and Information Security Directive, sets out security and reporting obligations for companies in critical sectors such as transport, energy, health and finance.

Web firms will be subject to less stringent obligations than, for example, airports or oil pipeline operators under the new law.

Web companies such as Google, Amazon, eBay and Cisco will be required to notify serious incidents to the national authorities, which in turn will be able to impose sanctions on companies that fail to do so.