Tech majors such as Google and Amazon will need to ensure their digital networks are secure enough to guard against cyberattacks. Additionally, they will have to report major data breaches, according to new cybersecurity rules proposed by Members of the European Parliament (MEPs) and the Luxembourg Presidency of the EU Council of Ministers. These are the first such EU-wide rules on cybersecurity.
"Today, a milestone has been achieved: we have agreed on first ever EU-wide cybersecurity rules, which the Parliament has advocated for years," said Andreas Schwab, the German MEP.
"Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents. Member-states will have to cooperate more on cybersecurity – which is even more important in light of the current security situation in Europe."
Although ecommerce retailers such as Amazon and eBay as well as Google and other cloud service providers will be forced to report major attacks, there will be exemption in case of micro and small digital companies.
The new rules aim to ensure high-level security across the European Union as well as build cooperation among member-states for information exchange and best practices and provide assistance in improving cybersecurity.
Speaking to the BBC, Guenther Oettinger, digital affairs commissioner, said it was a "major step in raising the level of cybersecurity in Europe".
The EU's new move comes in the wake of growing concern that online banking, power stations or airport control could be targeted by hackers. According to an estimate by the EU Agency for Network and Information Security (ENISA), such attacks have caused annual losses ranging from €260-€340 bn (£188bn to £246bn).
The rules still need to be formally approved by the Parliament's Internal Market Committee and the Council Committee of Permanent Representative.