On May 17, the Council of the EU (Council) announced it had formally adopted the new EU Directive concerning measures for a high common level of security for network and information systems (Cybersecurity Directive).

The Cybersecurity Directive establishes EU-wide security and incident notification requirements for operators of essential services (such as banking and financial market infrastructures) and digital service providers (such as online marketplaces and online search engines). It also establishes obligations for EU Member States to adopt national strategies on the security of network and information systems and to designate national authorities for similarly related tasks.

Next steps are for the Cybersecurity Directive to be approved by the EU Parliament at second reading. The Council notes that it expects the Cybersecurity Directive to go into effect in August 2016.

For further information on the development of the Cybersecurity Directive, see the Corporate & Financial Weekly Digest edition of December 11, 2015.

A copy of the text of the Cybersecurity Directive (dated April 21, 2016) is available here.

A copy of the Council’s Press Release is available here.