On June 6th, the Greek Presidency hosts a discussion on the issue of cyber security in the Telecoms Council. During this meeting, the progress report will be presented, of which the conclusions are widely shared amongst the national delegations. This text stipulates that operators of critical networks would be required to report cyber-attacks against them and member states would have to exchange information on such incidents.
The gist of the position from the Member States is that a coordinated response is desired but not at the expense of responsiveness. Member States can share information on cyber-attacks on a case by case basis. The Greek Presidency observed that “most Member States are against setting mandatory requirements in the directive for sharing commercially sensitive information.” The Member States generally support cooperation on this front, but believe that flexibility should be in place to allow that safety goes first. Therefore, mandatory reporting of incidents should be restricted to the cases with a significant cross-border impact. The text has not yet lined out precisely what networks should be covered as it is up to the Member States to come with more concrete proposals.
The European Parliament has adopted a position on the matter in March. It states that only operators of vital networks, such as transport and energy, should be obliged to report whether an attack has taken place.
Ecommerce Europe encourages pan-European action against cyber-attacks, since financial transactions are often subjected to such security threats. These threats undermine consumer trust, which in turn hamper the growth of the industry.