EU governments and parliamentarians agree to tighten cybersecurity rules

European Union (EU) countries and lawmakers agreed on Friday to tougher cybersecurity rules for major energy, transport and financial companies, digital providers and medical device manufacturers amid concerns over cyberattacks by actors. government agencies and other malicious individuals or groups.

Two years ago, the European Commission proposed rules on cybersecurity of networks and information systems called the NIS Directive 2, actually expanding the scope of the current rule known as the NIS Directive.

The new rules cover all medium and large companies in key sectors – energy, transport, banking, financial market infrastructure, healthcare, vaccines and medical devices, sanitation, digital infrastructure, public administration and space.

All medium and large companies in postal services, waste management, chemicals, food manufacturing, medical devices, computers and electronics, machinery equipment, motor vehicles and digital providers such as online marketplaces, search engines and Social networking service platforms will also fall under the rules.

Companies are required to assess their cybersecurity risk, notify authorities and take technical and organizational measures to combat the risks, with fines of up to 2% of global revenue for non-compliance.

European Union countries and the bloc’s cybersecurity agency, Enisa, can also assess the risks of critical supply chains within the rules.

“Cyber ​​threats have become bolder and more complex. It was imperative to adapt our security framework to the new realities and ensure that our citizens and infrastructure are protected,” said EU Industry Chief Thierry Breton in a statement.