On 8th December 2015 the three key European Union institutions – the European Commission, European Parliament, and the Council – agreed on the first EU-wide legislation on cybersecurity. The Directive on Network and Information Society aims to improve cybersecurity capabilities in Member States and to enhance cooperation between Member States on cybersecurity-related issues. The new legislation will require operators to introduce increased security measures to protect their activities. This will, in particular, apply to operators of essential services, including, for example, those active in the energy, transport, banking, and healthcare sectors.
After the agreement of all three institutions, they will each have to approve it formally. The new legislation will then be published in the EU Official Journal. Afterwards, Member States will be given a period of 21 months to implement the Directive into their national legislative frameworks and six more months to identify operators of essential services.
Press release from the European Commission is available here.