EU member states must, from Friday, adopt new community rules regarding the cybersecurity of critical entities and networks under the revised Common Security Framework Directive.
The European Commission explained, in a statement, that it “was adopted today [quinta-feira] First implementing rules on cybersecurity of critical entities and networks under the Directive on measures to ensure a high common level of cybersecurity in the Union.
This adoption coincides with the deadline for Member States to transpose the Directive into their national legislation, and as of Friday, “all Member States must implement the necessary measures to comply with the cybersecurity rules of this Directive, including supervisory and enforcement measures.” Adds the community executive.
The implementing law adopted by Brussels defines cybersecurity risk management measures, as well as cases in which an incident must be considered significant and companies providing digital infrastructures and services must report it to national authorities, thus aiming to strengthen the EU's cybersecurity.
The implementing regulations will be published in the Official Journal of the European Union and will enter into force after 20 days.
The EU's first cybersecurity law came into force in 2016 and helped create a common level of security for networks and information systems across the EU, then was revised last year with a rollover period that now ends.