Editor, Solicitors Journal

EU lawmakers and member states agree on first cyber-security law

10 Dec 2015News

Mandatory breach requirement has 'boy who cried wolf' element, says data protection partner

The European Parliament and governments of EU member states have agreed the first cyber-security law, making it mandatory for companies to report serious breaches or face sanctions.

After lengthy negotiations between the parties, an agreement was reached for a new Network and Information Security (NIS) Directive, amid the ongoing threat of cyber-attacks.

The security and breach notification requirements apply to companies that provide essential services in the transport, energy, health, and finance sectors.

Online companies including Google, eBay, and Amazon all come under the measure.

Andrus Ansip, the European Commission's digital chief, said the new law would increase consumers trust in internet services.

'The internet knows no border - a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cyber-security solutions. This agreement is an important step in this direction,' he remarked.

Commenting on the news, Nicola Fulford, a data protection partner at Kemp Little, said the mandatory breach requirements could prove ineffective in the long term.

'The risk with this situation is that consumers can get data breach fatigue - they become jaded and stop paying attention to data breach notifications,' she remarked.

'The likely result here is inaction. After a certain number of warnings consumers fail to follow practical advice from banks or merchants to help mitigate the impact of a data breach.'

Fulford added that there was element of a 'boy who cried wolf', which was 'one argument against mandatory breach notifications'.

In acknowledging the UK has no mandatory reporting law, Fulford said: 'An organisation's first priority should be to stop breaches from happening in the first place.

'The mandatory security provisions in the NIS Directive will hopefully encourage companies to bolster their security systems and prevent attacks from happening.'

Matthew Rogers is an editorial assistant at Solicitors Journal matthew.rogers@solicitorsjournal.co.uk | @sportslawmatt

Legal News desk contact: editorial@solicitorsjournal.com

Latest Articles

Sycamore Gap trial highlights tree law

The Sycamore Gap trial today centres on iconic tree felling, sparking national discussions on environmental law

SFO and HMRC approach crypto asset regulation

Leading law firm Gherson Solicitors LLP has revealed the differing approaches of SFO and HMRC in crypto orders

ACC and MLA release benchmarking report

The 2025 ACC Law Department Management Benchmarking Report offers insights into legal operations and technology trends

Enforcement needed to uphold upfront information

The CMA may need to impose fines to ensure the property market prioritises upfront material information in transactions

Harrowell & Atkins faces financial penalty

Harrowell & Atkins has reached a regulatory settlement agreement with the SRA, resulting in a £25,000 fine

Court of Appeal upholds mother's relocation to UAE despite domestic abuse concerns

Court prioritises children's welfare in complex international custody dispute involving domestic violence

Matthew Tallentire & Anor v R: witness testimony and jury directions appeal analysis

Court of Appeal dismisses sexual offence convictions appeal involving witness absence commentary

Tecnicas Reunidas Saudia v PCMC establishes precedent for arbitration jurisdiction disputes

High Court clarifies jurisdictional challenges in international arbitration agreements under English law

Ladbrokes v Omi establishes key precedent on disability discrimination comparators

Employment Appeal Tribunal confirms disability discrimination and constructive dismissal in reduced hours case

London Market FOIL rebrands for growth

Following impressive engagement since its inception, FOIL’s London division has been relaunched as London Market FOIL to better serve the unique needs of lawyers in the London and Lloyd’s insurance markets

Standish v Standish: Supreme Court rewrites the rules on matrimonialisation

A landmark ruling redefines when non-matrimonial assets become shared, but leaves key questions unanswered

VAT on independent school fees: a legal analysis of the judicial review claim R (ALR and others) v Chancellor of the Exchequer

Robert Lewis, Alexandra Agnew, Grace Houghton and Elizabeth Fitton from Mishcon de Reya dissect the ruling and its wider implications