The European Union (EU) has given the go-ahead to its first legislation on cybersecurity to help vital services including banking combat cyber threat.
Apart from banking, the new law will also impose security and reporting obligations on operators in other industries including energy, transport and health.
The law also mandates digital operators such as online marketplaces, search engines and cloud services to report breaches to national authorities, though security and notification requirements are lighter in case of these operators.
The new law excludes micro- and small digital companies.
The legislation on cybersecurity calls for the formation of a strategic cooperation group to share data in cybersecurity capacity-building. Member states are required to establish a network of computer security incident response teams to manage risks, discuss cross-border security issues and detect coordinated responses.
All EU countries are mandated to implement a national NIS strategy.
Parliament rapporteur Andreas Schwab said: "Cybersecurity incidents very often have a cross-border element and therefore concern more than one EU member state. Fragmentary cybersecurity protection makes us all vulnerable and poses a big security risk for Europe as a whole.
“This directive will establish a common level of network and information security and enhance cooperation among EU member states, which will help prevent cyberattacks on Europe’s important interconnected infrastructures in the future."