Petronella Blog Archive

Report Breaches or Face Sanctions

A new European Union cybersecurity law, the Network and Information Security Directive, requires tech firms to report serious data breaches or risk sanctions.

The new cybersecurity law was passed by lawmakers and EU member states on Monday, December 7, 2015, after five hours of negotiations between the European Parliament and EU governments.

The Network and Information Security Directive requires companies to report major breaches. In particular, this legislation targets critical sectors like energy, health, finance and transportation. Internet companies like Amazon, eBay and Google are included, but have less stringent parameters. Any such organization experiencing a major breach will have to submit information to national authorities, who would also have the authority to impose sanctions on companies that do not self-report.

The purpose of the legislation is to create consumer trust, particularly in services and companies that are not bound by national borders.  The law is seen as a positive step in helping fight international cybercrime.