This article originally appeared at The WHIR
After months of negotiations, the European Parliament has decided to include digital platforms, including cloud computing providers, in the Network and Information Security Directive (NISD), Reuters reports. The article is based on a report from Luxembourg, which applies what Reuters calls “less onerous obligations,” which were not detailed in the document, to myriad of network and online service providers.
Luxembourg is taking its turn as European Union president, and is soliciting feedback on details of the NISD at a September meeting ahead of drafting the actual legislation. The NISD is part of the Digital Agenda for Europe, and “aims to ensure a high common level of cybersecurity in the EU.”
Under the NISD, when providing service to an “infrastructure operator,” a broad category that includes energy, transport, and finance companies, Internet businesses such as ecommerce sites, search engines, and social networks would be subject to the same security rules as their client. This includes breach reporting obligations, though some details seem yet to be determined.
“We’re pleased to see digital service platforms subject to a different regime but we’re disappointed at the lack of recognition that it is the use of cloud that determines the security risk not the service itself,” Cisco Senior Manager, Government Affairs, Chris Gow told Reuters.
The European Commission launched its plan to grow the region’s digital economy as a “Digital Single Market” in May. In June the EU agreed to new data protection laws, and then to enforce net neutrality rules across the 28 member states, as the Digital Agenda for Europe takes shape.
Just how concerned digital platform providers should be depends on the specifics of the legislation, and it also remains to be seen how the news will affect the many cloud and digital services companies expanding within Europe. Linode announced a new data center in Frankfurt on Monday. European companies from iomart to Deutsche Telekom and American firms like AppDirect have announced intentions this year to grow by getting European enterprise IT into the cloud. If those enterprises are infrastructure operators, they may now face an extra hurdle in doing so.