bto solicitors - Corporate & Commercial Business Lawyers Glasgow Edinburgh Scotland

  • "really fights your corner..."
    "really fights your corner..." Chambers UK
  • "Consistently high-quality work and client-friendly approach."
    "Consistently high-quality work and client-friendly approach." Chambers UK
  • "really adaptable and innovative approach"
    "really adaptable and innovative approach" Chambers UK
  • "technical mastery (and) commercial realism ...differentiate bto from the competition.”
    "technical mastery (and) commercial realism ...differentiate bto from the competition.” Longstanding bto client
  • "The culture in the firm is second to none and all the solicitors have the highest regard for client service.”
    "The culture in the firm is second to none and all the solicitors have the highest regard for client service.” Legal 500
  • "highly experienced and knowledgeable"
    "highly experienced and knowledgeable" Legal 500
  • "professional and confidence-inspiring."
    "professional and confidence-inspiring." Legal 500
  • "Meticulous, calm and authoritative"
    "Meticulous, calm and authoritative" Chambers UK
  • "prompt, efficient and courteous service"
    "prompt, efficient and courteous service" Legal 500
  • "excellent blend of experience, technical nous and commercial sense"
    "excellent blend of experience, technical nous and commercial sense" Legal 500
  • "thorough and logical thinking"
    "thorough and logical thinking" Chambers UK
  • "superb" "fantastic grasp of detail"
    "superb" "fantastic grasp of detail" Chambers UK

EU to introduce Mandatory Cyber Security Reporting: Cyber Security Directive

10 December 2015

Europe’s Cyber Security Directive which aims to strengthen European resilience to cyber-attack will have substantial implications for key infrastructure providers such as communications, cloud computing, some e-commerce platforms, healthcare, energy, banking and transport operators.

The Directive is intended to improve the ability of member states to co-operate and respond to cyber threats. The Directive will introduce mandatory reporting of security breaches for key infrastructure providers in energy, transport, financial markets, health and water. Once the Directive has been approved in Europe member states will have 21 months to implement the Directive in National Law and a further 6 months to identify “operators of essential services”. These operators will be subject to enhanced security requirements and will be subject to the mandatory reporting requirement.

Lindsey Urquhart
Lindsay Urquhart, Associate

Member states will be required to introduce Computer Security Incident Response Teams (CSIRTs) who will work co-operatively with the EU Agency for Network and Information Security (ENISA) to improve cross border incident handling and response.

Presently, ENISA is reporting that security incidents and human error in these key infrastructures result in annual losses in the range of €260- €340 billion Euros, and that presently there is no co-ordinated approach to security and reporting within the EU (1).

The text of the Directive text still needs to be formally approved by member states, the presidency will present the text for approval by member states' ambassadors at the Permanent Representatives Committee on 18 December 2015 (2). Formal adoption by both the Council and the Parliament is required before the Directive will become law in Europe.

The changes are, however, likely to lead to greater continuity in respect of security standards which will benefit those providers with operations in multiple European jurisdictions. Commentators are calling for a light touch from regulators, particularly, given the wide scope of services including information and communication technology services that may be covered by the Directive (3).

Although the immediate effects of increased security requirements will be felt most keenly by large infrastructure service providers, we anticipate a knock on effect as these larger operators look to secure their supply chains by imposing increased security requirements in contracts and procurement processes.


Lindsay Urquhart
Associate
bto’s Data Protection Defence Team
bto solicitors
E: lau@bto.co.uk
T: 0131 222 2939

  1. http://www.europarl.europa.eu/news/en/news-room/20151207IPR06449/html/MEPs-close-deal-with-Council-on-first-ever-EU-rules-on-cybersecurity

  2. http://www.consilium.europa.eu/en/press/press-releases/2015/12/08-improve-cybersecurity/?utm_source=dsms-auto&utm_medium=email&utm_campaign=First+EU-wide+rules+to+improve+cybersecurity%3a+deal+with+EP

  3. Society for Computers and Law, ‘Cybersecurity Directive Pending’ 8 December 2015

 

“The level of service has always been excellent, with properly experienced solicitors dealing with appropriate cases" Legal 500

Contact BTO

Glasgow

  • 48 St. Vincent Street
  • Glasgow
  • G2 5HS
  • T:+44 (0)141 221 8012
  • F:+44 (0)141 221 7803

Edinburgh

  • One Edinburgh Quay
  • Edinburgh
  • EH3 9QG
  • T:+44 (0)131 222 2939
  • F:+44 (0)131 222 2949

Sectors

Services