An upcoming cyber-security law - the Network and Information Security Directive - from the European Union may see tech companies such as Google, Cisco and Amazon having to obey strict new security requirements. According to Reuters, this can include having to report data breaches to governments that are part of the EU.
It has been decided that dgital platforms will now fall under the law's remit, so cloud computing providers, search companies and social networks could be held to meet the same requirements as companies functioning in industries (energy, transportation, finance) that the EU considers critical to protect under the terms of the Directive.
After debating on whether to include web companies with companies operating in critical sectors, EU members decided to do so with caveat that web companies would face “less onerous security obligations”.
The Reuters report states that the details of the law are still subject to change. Countries in the EU will meet in September to discuss prior to the “drafting of a full legal text”. No pan-European cyber-security law exists and currently only telecoms operators are subject to incident-reporting requirements.