Europe’s first cyber law will sting

Author: Lizzie Meager | Published: 16 Dec 2015

EU member states have for the first time agreed union-wide cybersecurity legislation, demonstrating just how seriously it takes one of the biggest threats to financial stability.

The Network and Information Security Directive’s (NIS Directive) main aims are to boost cooperation and information sharing across the states through security response teams, and improve member states’ general defences against cyber-attacks. It will also introduce mandatory breach notifications for certain types of attacks.

"As with all these pan-EU initiatives, each member state is only as strong as its lowest common denominator," said Mark Deem, a partner at Cooley. A weak link anywhere in the chain – which is inevitable, given the scope of countries and companies caught by the new law – could effectively undermine the overall response.

While member states are free to implement the directive as they see fit, discrepancies in approach could cause problems for companies operating...