EU cyber security Directive would create a stronger breach notification regime


The EU Commission issued  on 7 February a draft Directive for cyber security. The draft, entitled Directive on Network and Information Security, would oblige market operators and public administrations to report incidents that have a significant impact on the security of the core services provided by them. The competent national authority could, in turn, order these controllers to notify the relevant indviduals.

The notification requirement would apply to public administrations, key Internet companies (e.g. large cloud providers, social networks, e-commerce platforms, search engines), the banking, health, energy and transport sectors. It is proposed that organisations could use a single notification template to notify cyber security incidents that also involve personal data breaches.

Read more about this topic in Privacy Laws & Business International Report, issue 121, February 2013 now available on subscription at


If you would like to comment on this article, please login or register.


Tag cloud