The European Parliament on Thursday approved two new directives to make a fist against cybercriminals: NIB2 and DORA. The first directive requires governments and businesses to strengthen their defenses against cyber attacks. The second aims to make the financial sector more resilient.
So reports the European Parliament in a press statement (1).
Cybercrime is becoming a bigger problem by the day. According to European Commission estimates, hackers and cybercriminals caused some 5.5 trillion euros (€5,500 billion) in financial damage by 2020.
The EU cannot let that go over its head. To counter this and at the same time strengthen digital resilience in Europe, the European Parliament voted Thursday to approve two new directives.
The first new directive is the Network and Information Security Directive (2), also known as NIB2. It aims to regulate a common level of cybersecurity to better protect governments, businesses and organizations in Europe from cyber attacks. It updates the original NIS directive, which dates back to 2016, and covers more sectors and activities than before.
In addition to companies and organizations in critical infrastructure-such as energy suppliers, public administration, health care and financial institutions-"key sectors" are also covered by the new rules. These include courier companies, waste management companies, food production companies, Internet service providers and manufacturers of machinery and motor vehicles.
Finally, NIB2 creates a framework for better cooperation and information exchange between regulators and EU member states. In addition, the new directive focuses on supply chain security and creates a European vulnerability database.
The second directive approved by the European Parliament was the Digital Operational Resilience Act, or DORA for short. With it, the European Parliament wants to make the EU's financial sector more resilient to digital disruptions, cyber attacks and other cyber incidents.
"The law introduces and harmonizes digital operational resilience requirements for the EU financial services sector, requiring firms to ensure they can withstand, respond to and recover from all types of information and communications technology (ICT) disruptions and threats," the European Parliament said (3).
The new guidelines should protect some 160,000 entities in EU member states. According to MEP Bart Groothuis (VVD), the directives are "the best cybersecurity legislation" Europe has ever seen. "Ransomware (4) and other cyber threats have haunted Europe for far too long. We must take action to make our companies, governments and society more resilient to hostile cyber operations."
Groothuis continues his story. "If we are attacked on an industrial scale, we have to respond on an industrial scale." The package of measures, he said, ensures that Europe is transforming to a "proactive and service-oriented approach to cyber incidents."
The European Parliament voted overwhelmingly in favor of the new legislation. 577 out of 614 MEPs voted in favor of the directives, 6 voted against and 31 abstained. The Europarliament has agreed to the directives, it is up to the European Council to agree to them. Then member states have 21 months to implement the directives into national law.
https://www.europarl.europa.eu/news/en/press-room/20221107IPR49608/cybersecurity-parliament-adopts-new-law-to-strengthen-eu-wide-resilience
https://www.vpngids.nl/nieuws/eu-breidt-meldplicht-cyberincidenten-uit-naar-meer-sectoren/
https://www.europarl.europa.eu/news/en/headlines/security/20221103STO48002/fighting-cybercrime-new-eu-cybersecurity-laws-explained
https://www.vpngids.nl/veilig-internet/malware/wat-is-ransomware/
