EU governments, lawmakers agree on tougher cybersecurity rules for key sectors

　　div classBodysc17zpet90 cdBBJodivpBy Foo Yun Cheep

　　pBRUSSELS Reuters – EU countries and lawmakers agreed on Friday to tougher cybersecurity rules for large energy, transport and financial firms, digital providers and medical device makers amid concerns about cyber attacks by state actors and other malicious players.pdivdivdiv classBodysc17zpet90 cdBBJodiv

　　pThe European Commission two years ago proposed rules on the cybersecurity of network and information systems called NIS 2 Directive, in effect expanding the scope of the current rule known as NIS Directive.p

　　pThe new rules cover all medium and large companies in essential sectors – energy, transport, banking, financial market infrastructure, health, vaccines and medical devices, drinking water, waste water, digital infrastructure, public administration and space.p

　　pAll medium and large firms in postal and courier services, waste management, chemicals, food manufacturing, medical devices, computers and electronics, machinery equipment, motor vehicles, and digital providers such as online market places, online search engines, and social networking service platforms will also fall under the rules.p

　　pThe companies are required to assess their cybersecurity risk, notify authorities and take technical and organisational measures to counter the risks, with fines up to 2 of global turnover for noncompliance.p

　　pEU countries and EU cybersecurity agency ENISA could also assess the risks of critical supply chains under the rules.p

　　p“Cyber threats have become bolder and more complex. It was imperative to adapt our security framework to the new realities and to make sure our citizens and infrastructures are protected,” EU industry chief Thierry Breton said in a statement.p

　　p

　　pp Reporting by Foo Yun Chee Editing by Mark Potterp

　　divdivdiv classBodysc17zpet90 cdBBJodivdivdiv