On 17 May, the EU Council adopted the cyber security directive, which will impose new obligations on businesses in high-risk sectors, like energy, transport, health, finance and digital. Businesses affected will have to minimise their cyber risk, ensure continuity of their services, and report major cyber incidents. The directive is likely to come into force in August 2016, and member states will then have 21 months to introduce national implementing laws.
The directive complements the new EU data protection regulation - adopted in April 2016 - which introduces new cyber security obligations across all sectors.
The network and information security (NIS) directive will increase cooperation between member states on the vital issue of cybersecurity. It lays down security obligations for operators of essential services (in critical sectors such as energy, transport, health and finance) and for digital service providers (online marketplaces, search engines and cloud services).