On Tuesday 17th May 2016, new cybersecurity legislation was officially adopted by European ministers, ushering in a new era during which a plethora of national laws are expected to be made over the coming years. The new Network and Information Security Directive will ensure that network risks are managed and lowered by both digital service providers and essential services. Though a final decision by the European Parliament is still required, the laws have already been agreed in principle.
The new legislation means that companies dealing in cloud services, online marketplaces and search engines, to name a few, will have to actively take steps to manage their networks’ risks. It also means that any breaches or cyber incidents will have to be identified, with national authorities being quickly notified of the events. An additional ruling means that every country included in the 28 member state union will have to allocate at least one national authority to officially deal with any cyber threats encountered. This should facilitate the flow of information and help reduce the fallout of attacks.
The arrival of the agreement marks an important step forward for European legislation regarding cybercrime, particularly as there were some sticking points during the process. One of these pertained to which companies would be categorised as “digital service providers.” In the final draft of the rules, a compromise was made, and it was agreed that any firms already falling under “sector-specific” legislation regarding computing network and cybersecurity rules would be exempt from the new laws. It is now down to individual nations to draw up lists of firms that will not be exempt and will need, therefore, to begin providing cyber threat and attack data to national authorities.
The development of the directive has taken some time, but it seems that the ministers involved are now keen to move the process forward quickly. For example, the Network and Information Security Agency has already started its work on implementing the new rules. The directive’s computer security incident response teams have already had two informal meetings, clearly showing that the authorities are not messing around when it comes to battling against cybercrime.
The legislation still requires an official ruling from the European Parliament. Ministers have agreed to the directive in principle, but a parliamentary decision needs to be made to allow the rules to become legal and binding in August 2016.
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP Recruitment, BI & Data Recruitment, Information Security Recruitment, Enterprise Architecture & Strategy Recruitment , Energy Technology Recruitment, Demand IT and Business Engagement Recruitment, Digital and E-commerce Recruitment, Leadership Talent, Infrastructure and Service Delivery Recruitment, Project and Programme Delivery Recruitment.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.