Tech firms could face new EU cyber rules

The European Union is one step closer to enacting cybersecurity rules that would require major tech companies like eBay, Amazon and Google to meet minimum data security requirements.

The guidelines would also require these companies to notify the government of any cybersecurity incidents.

{mosads}A European parliamentary committee overwhelmingly approved the new rules on Thursday, which will now head to the EU Council and the full European Parliament for passage.

If the standards are adopted, they would be the first EU-wide cybersecurity rules.

The rules would apply to large ecommerce companies like eBay, cloud computing firms like Amazon Web Services and search engines like Google.

These companies would have to take steps “to ensure the safety of their infrastructure” and notify authorities of “major incidents” such as data breaches, the European Parliament said in a release.

Smaller digital companies would not be subject to these guidelines.

In addition to these major tech players, the rules would cover “firms supplying essential services,” such as energy, transportation, banking and healthcare.

“Member states will also have to cooperate more on cybersecurity — which is even more important in light of the current security situation in Europe,” said Andreas Schwab, a EU parliamentarian backing the reforms.

The new cyber guidelines are the result of a years-long drive to unify EU cyber rules as countries have scrambled to respond to the dramatic rise of cyberattacks.

“Parliament has pushed hard for a harmonized identification of critical operators in energy, transport, health or banking fields, which will have to fulfill security measures and notify [authorities of] significant cyber incidents,” Schwab said.

In the U.S., Congress has considered similar measures. But lawmakers have thus far failed to advance several bills that would set nationwide data security standards and require companies to report hacks to the government.