During the autumn of 2021, the European Parliament adopted a draft cybersecurity directive, the revised ‘Directive on security of network and information systems’ (commonly referred to as ‘NIS2’). When it moved to the Council, additional changes were made; one was to extend the time for Member States to transpose it into national law from 18 months to two years.
Continue Reading Cybersecurity 2.0: European Parliament adopts new draft directive

On 12 March 2019, the European Parliament issued its first position on the text proposed by the European Commission for a Regulation of the European Parliament and of the Council on ENISA (the European Union Agency for Network and Information Security), also known as the EU Cybersecurity Act.

Initiatives to build strong EU-wide cybersecurity

The EU Cybersecurity Act was proposed in 2017 to:

i) Provide a permanent mandate for ENISA (to replace its limited mandate that would have expired in 2020);

ii) Allocate more resources to ENISA to enable it to fulfil its goals; and

iii) Establish an EU framework for cybersecurity certification for products, processes and services that will be valid throughout the EU.

The European Parliament, Council and Commission reached an informal trialogue agreement on the proposal of the EU Cybersecurity Act in December last year. Now that the European Parliament adopted its first-reading position, it is expected that the European Council will adopt the proposed Regulation without further amendments. The Regulation will then be published into the EU Official Journal and will enter into force 20 days following that publication.Continue Reading The European Parliament adopts first stance to proposed EU Cybersecurity Act

On February 14, 2019 the European Commission, European Parliament and Council of the European Union agreed to implement new rules designed to ensure a fair, transparent and predictable business environment to the benefit of both end consumers and entrepreneurs using third-party online platforms for their business. The Council and European Parliament will adopt these new

In September 2017, we published a blog that outlined the Commission’s proposal for a framework on this subject (you can view our blog here). In June 2018, we further reported that the European Parliament, Council of the European Union and the European Commission had reached a political agreement on the rules for the free

The European Parliament has published a non-binding resolution on distributed ledger technologies and blockchains (blockchain technologies).

What is distributed ledger technology?

Best known as the technology behind bitcoin and other crypto-currencies, distributed ledger technology is, in its simplest form, a ledger of digital information maintained in decentralised form across a large network of computers. The information making up the ledger is secured using cryptography and can be accessed using keys and cryptographic signatures. Cyber-attacks are considered to have less impact on such technologies as they need to successfully target many decentralised ledgers.

Positive applications of blockchain technologies

The resolution highlights the potentially positive applications of blockchain technologies across numerous industries and sectors including:

  • Transforming the energy markets by allowing households to produce environmentally friendly energy and exchange it on a peer-to-peer basis;
  • Improving the efficiency of the healthcare sector through electronic health data interoperability;
  • Improving supply chains by facilitating the forwarding and monitoring of the origin of goods and their ingredients or components, and improving transparency, visibility and compliance checking;
  • Enabling the tracking and management of intellectual property and facilitating copyright and patent protection;
  • Improving transparency and reducing transaction costs and hidden costs in the financial sector by better managing and streamlining processes; and
  • The potential of initial coin offerings as an alternative investment instrument in funding SMEs and innovative start-ups.

Continue Reading European Parliament favours innovation-friendly blockchain regulation

On 22 June 2018, the European Commission published a factsheet that provides a visual summary of the actions taken to date to implement its Digital Single Market strategy. The Digital Single Market strategy refers to the European Commission’s mission to ensure access to online activities for individuals and businesses under conditions of fair competition, consumer and data protection, removing geo-blocking and copyright issues.

The factsheet sets out a timeline, which shows the status of each of the Digital Single Market strategy initiatives presented by the Commission since its announcement of the Digital Single Market strategy in 2015. The factsheet shows that 29 legislative initiatives have been presented, of which 17 have been agreed by the European Parliament, the Council of the EU and the Commission.

There remain 12 Commission legislative initiatives that the European Parliament and the Council are yet to reach agreement on. Notably, the forthcoming ePrivacy Regulation initially envisaged as coming into force at the same time as the General Protection Regulation 2016/679 remains very much in the negotiation process. With the upcoming European elections in 2019 looming ever closer, there is a very real danger that unless rapid progress is made, the whole adoption process could find itself put on hold.Continue Reading Commission publishes factsheet on Digital Single Market strategy

On 9 July 2015 the European Parliament published its European agenda on security, setting out the current situation of security in the European Union before identifying three key areas upon which efforts should be focused: terrorism, radicalism and cybercrime.

Cybercrime

The European Parliament recognises the significant threat that cybercrime poses to both businesses and individuals and emphasises that terrorist organisations and organised criminal groups are increasingly using cyberspace to facilitate different avenues of crime. The emphasis on cybercrime follows previous announcements by both EU institutions and cybersecurity experts advocating the need for international cooperation and an overall cybercrime centre to counter the global growth of cybercrime. In order to achieve this a number of counter security methods were set out in the agenda, including:

  • Calling on the European Commission to perform a thorough analysis of law enforcement powers available to tackle this problem and also launch a corresponding awareness and preparedness campaign to promote the threats of cybercrime
  • Highlighting the importance of research and innovation and the need to have a competitive EU security industry to encourage growth within Europe’s security sector

Continue Reading European Parliament publishes its proposals for the security of the EU

U.S. tech giants, like Google and Facebook, found themselves caught between the European Parliament and the European Commission as disagreements continue as to whether Internet service providers should be included within the definition of ‘market operators’ in the Proposed Directive on Network and Information Security (IP/13/94) (the ‘Directive’). Currently, the EU Commission would like to see both search engines and social networks included, whereas the European Parliament prefers a common European framework focusing on critical infrastructure only, such as financial services and power stations.

The EU Parliamentary view is that broadening the scope of the Directive risks undermining the aim of the law which is to protect key or critical services, whereas including ISPs, and as a consequence some U.S. tech giants, would require the tech giants to report global cyber attacks to each of 28 member states’ respective regulators. Those arguing against ISP inclusion argue that they are already highly regulated, and that many of the requirements contained in the proposed Directive are already provided for by commercial contracts and service level agreements, and that the introduction of additional legislation would create added complexity and have a negative impact on innovation within the tech industry.
Continue Reading Tech giants caught between EU disagreements on scope of Proposed Network and Information Security Directive

The Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament has published the latest draft of the proposed Network and Information Security (NIS) Directive (the ‘Directive’) following a series of amendments by MEPs. The proposal for the Directive was first published by the European Commission 7 February 2013 as part of