Thou shalt report thy breaches – but to who, exactly?
9 Dec 2015 at 16:29, John Leyden and Alexander MartinAfter five hours of negotiations on 7 December, members of the European Parliament and Council finally settled on the wording of the EU's Network and Information Security (NIS) Directive.
The directive was first proposed in 2013 as a means of forwarding the European Union's cybersecurity strategy. As it is a directive, rather than a regulation, member states will have to meet its demands by passing their own domestic laws.
The Network and Information Security Directive targets critical national infrastructure – or operators in energy, transport, health, and banking – and requires them to report cyber security breaches almost as soon as they are discovered or else risk regulatory fines and other sanctions from national authorities who will be given powers to enforce the rules.
Full Article
