EU member states and lawmakers have clinched a deal to prevent cyber attacks by requiring Internet firms like eBay, Amazon and Google to boost their defenses and report breaches, officials said Tuesday.
They said the first EU-wide draft rules agreed late Monday would also oblige power companies, financial institutions as well as transport, health care and water providers to increase security and inform the authorities of attacks.
“This agreement is a major step in raising the level of cybersecurity in Europe,” the European’s Union’s digital commissioner Guenther Oettinger said on his blog.
Under the deal, the EU parliament said, online marketplaces like eBay, Amazon as well as search engines like Google and clouds will have to ensure the safety of their infrastructure and to report on major incidents.
Micro and small digital companies will be exempted from the rules, however.
European businesses and the overall economy lose hundreds of billions of euros a year to cybercrime and cyberattacks, Oettinger said.
“I will not sit back and let these criminals and cyber terrorists attack our businesses, intrude into our private lives and destroy trust in our digital economy and society,” he said.
The new rules are designed to boost consumer, government and business confidence in the technologies and systems that digital networks and services depend on, he said.
They are also designed to ensure electricity, gas and transport sectors “can securely provide their essential services at home and across borders,” he added.
The rules, Oettinger said, are designed to buttress an ambitious plan unveiled earlier this year to overhaul Europe’s fragmented technology landscape to create a “single digital market.”
The European parliament said the deal still had to be approved by the legislature’s internal market committee and the 28 EU member states. It will enter into force as soon as it is published in the EU Official Journal.