BRUSSELS (Reuters) - EU lawmakers and member states struck a deal on the bloc’s first cybersecurity law on Monday that will force Internet firms such as Google and Amazon to report serious breaches or face sanctions.
The deal, following five hours of negotiations between European Parliament and EU governments, was reached in response to increasing worries about cyber attacks resulting in security and privacy breaches.
The European Commission’s digital chief Andrus Ansip said the new law would build up consumers’ trust in Internet services, especially cross-border services.
“The internet knows no border - a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cybersecurity solutions. This agreement is an important step in this direction,” he said.
The new law known as Network and Information Security Directive sets out security and reporting obligations for companies in critical sectors such as transport, energy, health and finance.
Web firms will be subject to less stringent obligations, than, say, airports or oil pipeline operators, under the new law.
Under the new law, web companies such as Google, Amazon, eBay and Cisco will be required to notify serious incidents to national authorities which in turn will be able to impose sanctions on companies which fail to do so.
Reporting by Julia Fioretti, writing by Foo Yun Chee; editing by Grant McCool