The European Parliament adopted a new Cybersecurity Act on Tuesday, ensuring that all products, processes and services sold in EU countries will have to abide by the highest cyber-security standards mandated under the new Act.
A cyber-security certification scheme agreed to between EU member states will ensure that all products and equipment that are part of critical infrastructure, including energy grids, water, energy supplies and banking systems, will be monitored for vulnerabilities and certified if no defects are found.
The new EU Cybersecurity Act, which was passed with 586 votes in favour and 44 against in the EU Parliament on Tuesday, also provides for a permanent mandate and more resources for the European Union Agency for Network and Information Security (ENISA) which serves as the union's official cyber-security agency.
While passing the new Cybersecurity Act, MEPs also adopted a resolution calling for urgent action against China’s growing technological presence in the EU as well as the possibility that embedded backdoors in 5G equipment could allow Chinese manufacturers and authorities to have unauthorised access to private and personal data and telecommunications in the EU.
"They are also concerned that third-country equipment vendors might present a security risk for the EU, due to the laws of their country of origin obliging all enterprises to cooperate with the state in safeguarding a very broad definition of national security also outside their own country. In particular, the Chinese state security laws have triggered reactions in various countries, ranging from security assessments to outright bans," read a report published by the European Parliament.
The resolution is in response to China's National Intelligence Law which authorises Chinese government agencies to compel domestic firms to "support, assist, and cooperate with state intelligence work", to provide necessary support, assistance, and cooperation to national intelligence work institutions, and also authorises intelligence agencies to "use the necessary means, tactics, and channels to carry out intelligence efforts, domestically and abroad".
The resolution also comes not long after investigation carried out by The New York Times found that hackers sponsored by China's People's Liberation Army gained access to a secure network that served as a platform for communications between member states of the European Union.
By infiltrating the secure network, Chinese hackers attempted to gather information about sensitive issues such as the situation in North Korea, Iran's secret nuclear programme, negotiations over the Trans-Pacific Partnership that excluded Beijing, and the relationship between Donald Trump and Vladimir Putin.
"Cyber-attacks and cyber-security are very high on the list of concerns of our public and rightly so, as we are still vulnerable to attacks which can lead to the disclosure of data and other serious issues. Tomorrow, it could be a serious threat that could endanger our health, our security, our safety in broader terms," said Pavel Telicka, ALDE shadow rapporteur after the Cybersecurity Act was passed on Tuesday.
"I believe what we have managed to achieve with the Cyber Security Act, as well as with ENISA, is the right response. One of ENISA's first tasks must be the drafting of a cyber-security scheme for 5G. However, I need to say that I would appreciate if some of the Member States would understand better that we are as strong or as weak as the weakest part of the chain. I think that, apart from the Cybersecurity Act and ENISA, we need a change of mind-set," Telicka added.
Rapporteur Angelika Niebler also said that the passage of the Cybersecurity Act "will enable the EU to keep up with security risks in the digital world for years to come" and that it is among some major steps required to ensure that consumers, as well as the industry, need to be able to trust in IT-solutions."