Policy & Law
05.08.2015

European Information Security: eco Warns Against Inclusion of All Web Services

  • Europe-wide harmonization in the areas of critical infrastructure is welcome
  • Avoid fragmentation and differences in implementation
  • Scope should concentrate on actual critical infrastructure

The legislative process for a European Directive for Network and Information Security (NIS Directive) is soon to be concluded. With this legislation, the European Commission wants to improve the cooperation of Member States and as such increase the resilience and defensive readiness of the EU against cyber attacks. The directive is expected to be concluded by the end of 2015 at the latest. In a newly-published position paper, eco – Association of the German Internet Industry welcomes in principle the endeavor for a Europe-wide harmonization of legal obligations for IT security, but still sees several unresolved problems. The association warns in particular against the inclusion of all web services, from the small web shop to the large social media service, in the scope of the directive. Such a generalized inclusion would not make sense, as not all services are considered critical infrastructure and small companies in particular would be unnecessarily burdened. eco advocates instead for a precise and concrete definition of the scope and a differentiated risk-based approach, as has recently also be applied in the German IT Security Act.

Avoid fragmentation and differences in implementation

The primary objective must be to achieve a strong Europe-wide harmonization of the obligations and requirements for operators of critical infrastructure. The directive should determine precise criteria and should not allow the Member States too great a leeway for their own regulatory formulations. Only in this way can the legislator avoid fragmentation and an adverse impact on the digital single market in Europe.

Scope should concentrate on actual critical infrastructure

eco also calls for the scope of the directive to be concentrated on actual critical infrastructure. In particular, areas in which requirements for IT security are completely lacking should be brought into line with already regulated areas.

The complete eco position paper on the European NIS Directive is available online here.

You might also be interested in

eco Managing Director Alexander Rabe Elected to the German Digital Services Coordinator Advisory Board
Policy & Law

eco Managing Director Alexander Rabe Elected to the German Digital Services Coordinator Advisory Board

On 4 July, the German Bundestag elected the members of the Digital Services Coordinator Advisory Board. Alexander Rabe, Managing Director of the eco Association, was elected to the Advisory Board with a cross-party majority as one of four representatives from industry associations.
05.07.2024
Advancing Multi-Stakeholder Models in Internet Governance: A Recap of NETmundial+10
Domains

Advancing Multi-Stakeholder Models in Internet Governance: A Recap of NETmundial+10

In 2014, the global multistakeholder meeting NETmundial took place in response to global concerns about Internet governance, triggered by revelations about widespread Internet surveillance. The conference, convened by multiple stakeholders, set out to establish a comprehensive set of Internet governance principles promoting transparency, inclusivity, and accountability in digital policy processes.
24.06.2024
Data Centres are Crucial in Digital Transformation – AllianzTalk on the Data Centre Industry in Germany
Datacenter

Data Centres are Crucial in Digital Transformation – Alliance Talk on the Data Centre Industry in Germany

The “We give data a home! The data centre industry in Germany” Alliance Talk on Wednesday, 15 May 2024, at BASECAMP Berlin brought together representatives from the Internet industry, users and politicians to discuss both the importance of and the necessary framework conditions for data centres in Germany.
26.05.2024