Brussels, 13/03/2014 (Agence Europe) - On 13 March, the European Parliament adopted the report by Andreas Schwab (EPP, Germany) on network and information security by 521 votes in favour, 22 against and 25 abstentions. The directive proposed by the European Commission (see EUROPE 10781) seeks to ensure that critical infrastructure network operators give official notification to the national authorities in the event of cyber attacks being carried out. The text voted on at the Parliament does not make this compulsory for social networks, cloud service providers or other internet services, and states that notification should only be made on a voluntary basis. The conditions that allow for sanctions to be imposed on companies that are not sufficiently protected against cyber attacks have also been made more lenient - a penalty can only be imposed if the company has deliberately neglected its security obligations. Cooperation between the appropriate authorities in the area of network and information security is also expected to be stepped up, with member states being obliged to create single contact points to facilitate cross-border cooperation. The only stipulation by the Commission was for cooperation between the member states' relevant authorities to be increased. The report beefs up data protection requirements when cyber attacks are notified which involve personal data.
European Commissioner for the Digital Agenda Neelie Kroes was delighted with the European Parliament's vote and said that “this is very positive news for European citizens (…) Member states need to be ready to address to cyber attacks. Today there are gaps in some countries and we have to fill them.” (IL)