Brussels, 10 November 2022
Socialists and Democrats in the EU Parliament voted in favour of the EU directive setting up a high common level of cybersecurity across the EU.
The new rules, known also as the NIS 2 Directive, adopted today in plenary by the European Parliament with the support of the S&D Group, set the general framework and common approach to the measures that has to be incorporated by member states in their national laws.
The European Parliament also endorsed a new legislation to enhance the cyber-resilience of the financial sector in the EU, known as the Digital Operational Resilience Act (DORA). This legislation is very timely, especially in the context of the rise in cyber threats and the Russian war against Ukraine.
Eva Kaili, S&D negotiator on the NIS 2 Directive in the European Parliament committee on industry, research and energy, said:
“The NIS 2 Directive is a landmark legislation for cybersecurity in the EU. In the face of increasing cyber threats, sophisticated cyberattacks, and escalating cyberwarfare campaigns fuelled by geopolitical tensions, Europe has pioneered in adopting an ambitious framework to establish enhanced cooperation. This framework is designed to ensure the security of the network and information systems that businesses and governments use to deliver essential services for European citizens on a daily basis .
“Our Group has ensured that our priorities are reflected in the adopted agreement on NIS 2 both in terms of the level of ambition and the necessary safeguards to secure its effective implementation. Our priorities are to set stronger risk and incident management measures, harmonise reporting processes and compliance, establish future-proof national strategies, and widen the scope of the rules to include public administration entities. I am convinced that our Group’s positions throughout the negotiations ensure that the adopted agreement on NIS 2 does not undermine what our Group has achieved for Europeans in the field of privacy and data protection. The measures enhancing cybersecurity cannot and should not be in conflict with the General Data Protection Regulation (GDPR).
“The NIS 2 Directive modernises our rules to secure critical services for society and the economy, and complements EU’s efforts to digitise society, the economy, and the industry in a secure way, paving the way for a secure and resilient digital Europe.”
Alfred Sant, MEP and S&D negotiator on the single rulebook maximising cybersecurity for financial services in the EU, said:
“This new legislation on the cyber-resilience in the EU financial sector will protect financial stability in times of great risks stemming from current geopolitical events, especially the Russian war against Ukraine. It was therefore time it became applicable EU law.
“Our Group has ensured that the legislation is balanced, with the right amount of flexibility and proportionality, and that the loopholes are closed. For example, this means that big cloud service providers, that are often from outside the EU and play a crucial role for the functioning of the EU financial system, are subject to strict, harmonised rules.
“As complex cyber threats develop, new risks emerge. As new technologies become part of the financial system, new opportunities emerge as well. The new legislation will help us reach our aims: enhance the integrity of the EU’s financial system, protect investors and their financial data and ensure a solid basis for the upcoming open finance and retail investment strategies.”
Source – S&D Group