Editor, Solicitors Journal

EU lawmakers and member states agree on first cyber-security law

10 Dec 2015News

Mandatory breach requirement has 'boy who cried wolf' element, says data protection partner

The European Parliament and governments of EU member states have agreed the first cyber-security law, making it mandatory for companies to report serious breaches or face sanctions.

After lengthy negotiations between the parties, an agreement was reached for a new Network and Information Security (NIS) Directive, amid the ongoing threat of cyber-attacks.

The security and breach notification requirements apply to companies that provide essential services in the transport, energy, health, and finance sectors.

Online companies including Google, eBay, and Amazon all come under the measure.

Andrus Ansip, the European Commission's digital chief, said the new law would increase consumers trust in internet services.

'The internet knows no border - a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cyber-security solutions. This agreement is an important step in this direction,' he remarked.

Commenting on the news, Nicola Fulford, a data protection partner at Kemp Little, said the mandatory breach requirements could prove ineffective in the long term.

'The risk with this situation is that consumers can get data breach fatigue - they become jaded and stop paying attention to data breach notifications,' she remarked.

'The likely result here is inaction. After a certain number of warnings consumers fail to follow practical advice from banks or merchants to help mitigate the impact of a data breach.'

Fulford added that there was element of a 'boy who cried wolf', which was 'one argument against mandatory breach notifications'.

In acknowledging the UK has no mandatory reporting law, Fulford said: 'An organisation's first priority should be to stop breaches from happening in the first place.

'The mandatory security provisions in the NIS Directive will hopefully encourage companies to bolster their security systems and prevent attacks from happening.'

Matthew Rogers is an editorial assistant at Solicitors Journal matthew.rogers@solicitorsjournal.co.uk | @sportslawmatt

Legal News desk contact: editorial@solicitorsjournal.com

Latest Articles

Court rules in favour of child anonymity

The Court of Appeal has issued a landmark ruling granting an anonymity order for a child, PMC, reinforcing protections for vulnerable litigants in the legal system

Action plan announced for Oakhill STC

The government has unveiled an action plan focused on improving safety and standards at Oakhill Secure Training Centre

Riley Foods Limited fined for pollution

Riley Foods Limited was fined £17,000 and must pay costs after polluting a nearby watercourse

Abdol Hossein Azizi v Dama Construction Limited: Appeal dismissed on construction access denial

Access denial during basement excavation leads to structural damage liability in High Court appeal

Disclosure obligations prevail over foreign prosecution concerns in cross-border investigations

High Court ruling clarifies disclosure duties amid international criminal investigations

AI and public law: risks, duties and compliance

AI promises efficiency and savings, but public sector use must comply with legal principles to safeguard fairness and accountability

Supreme Court judgment prompts fraud case review

The Serious Fraud Office has responded to the Supreme Court’s decision impacting several fraud convictions

GPS tags lead to crime reduction

A new report reveals the effectiveness of GPS tagging, which has reduced reoffending rates by 20 percent

Tribunal upholds manifestly unreasonable exception in environmental information dispute

First-tier Tribunal dismisses appeal against Information Commissioner, reinforcing limits on environmental information requests under EIR.

Forestscape Limited successfully challenges asset of community value designation

First-tier Tribunal allows appeal against woodland's ACV classification, emphasising evidential requirements for community value designations.

Jury trials under threat in fraud

Plans to replace juries with specialist judges in fraud trials spark fierce debate over justice, efficiency, and rights

UK migration crackdown could pile pressure on lawyers

Sweeping visa curbs and settlement delays pose major compliance challenges, leaving lawyers to navigate risks for clients

Tribunal upholds disclosure of hydrogen heating environmental information

First-tier Tribunal dismisses Secretary of State appeal on environmental information disclosure

High Court scrutinises prolonged immigration detention amid mental health concerns

Immigration detention challenged where vulnerable detainee's mental health deteriorates significantly

High Court refuses DoLS extension for young sexual offender on licence

High Court declines deprivation of liberty order for rehabilitating juvenile offender

SJ Interview: James Palmer CBE

James Palmer CBE, Partner of Herbert Smith Freehills Kramer, has long been recognised as one of the UK’s most influential corporate lawyers and policy voices. Awarded a CBE in 2025 for his services to business and law, he has combined a high-profile career in M&A with decades of work on legal reform. In this interview, he discusses the challenges of legislative inflation and corporate advice, access to justice, and the future role of technology.

The SQE is failing its own test

Five years on, the SQE is underperforming, and targeted reforms could close persistent gaps.