Data breaches can cause substantial damage to consumers, businesses and even governments, as the cyber attacks against Sony in 2014 and against Estonia in 2007 showed. To boost defences against such attacks against its essential services, such as electricity supply and air traffic control, the EU has agreed on a common set of basic cyber security rules. We talked to Andreas Schwab, a German member of the EPP group, who is responsible for steering them through Parliament.
Why do we need EU rules on cybersecurity?
We need a European approach because we have so many infrastructures that are really interdependent. If we don't get a fair protection at the European level for these cross-border infrastructures, we will be in trouble.
It's not about all parts of the infrastructure, but only about the digital parts of it and only in a certain number of sectors, such as energy and transport, which are key sectors for the European economy.
What do the new rules foresee?
First of all, member states have to make sure they target the right infrastructure with this legislation. The directive also foresees a certain number of obligations for operators in the areas concerned: they have to set up systems that will create resilience.
This directive sets security obligations not only for operators of critical infrastructure but also for digital service providers. What are they?
We're talking here about search engines, online market platforms and cloud service providers. Although they don't serve critical infrastructure directly, they are nonetheless important for it.
They do already have protection plans against cyber-attacks. We only demand that they notify structured attacks to national authorities. And we don't talk here about every single incident, but only about a serious level of incidents that has to be reported. So the workload is quite small.
How will these new rules benefit Europeans?
A lot of services that citizens use, such as energy, transport and banking, are becoming more and more digitalised. And in all these areas they are heavily reliant on structures that they don't see every day, but which ensure that the services work. If we make these structures safer and more resilient, this will directly benefit European citizens.
On 14 January the Parliament's internal market committee votes on the new rules, which have already been provisionally agreed by the European Parliament, the Council and the Commission. Before they can enter into force, the rules will also need to be approved by MEPs during a plenary session later this year.