The EU’s new cybersecurity rules and their impact on the Digital Single Market and financial bodies

Share On Facebook
share on Linkedin


The Digital Single Market

Two strategies underpin the existence of European Union: firstly, it aims to preserve peace amongst the European countries and secondly, to create a Single Market with no or little trade barriers, where the movement of skilled labour is done relatively without restrictions and where political, economic and social cooperation are the principles for its legislation. Importantly, politicians and legislators have understood the crucial role that digital technology plays in our lives and its impact on the business world.

Therefore, the Digital Single Market (DSM) is a broad concept which aims at consolidating the European cloud computing and digital markets through various initiatives. It is one of the European Commission’s top priorities: according to Maiju Hamunen, analyst at the CFA Institute, the Digital Single Market could contribute to €415 billion per year to the European economy. Moreover, the European Commission, in its Communication in May 2015 suggested that the idea of a DSM is to remove the online barriers that prevent citizens and businesses from interacting in an efficiently economic manner.

Consequently, the strategy behind the DSM lies on three pillars: ‘(1) better access for consumers and businesses to digital goods and services across Europe; (2) creating the right conditions and a level playing field for digital networks and innovative services to flourish; (3) maximising the growth potential of the digital economy.’ Information quoted from the European Commission’s website. A step forward has been made towards achieving this vision just recently, on December 7, 2015, when the final cybersecurity rules for Europe were signed by the European Parliament, the European Commission and the Council.

The new rules come under the name of the Network and Information Security Directive and aim to tackle the threats to the Digital Single Market. Its provisions aim to make the online environment more trustworthy and, thus, to support the smooth functioning of the EU Digital Single Market. However, we will focus on the rules that directly affect financial bodies.

The NIS Directive and Financial Bodies

Article 3 (b) and Annex II are covering both banks and financial market infrastructure providers, including trading venues and clearing houses. These financial bodies have several responsibilities in the case of a cyber attack: under Article 14 they need to take the appropriate and proportionate technical and organizational measures to deal with and mitigate the risks posed by the cyber attacks.

The arcane language is still present across the legislation, which can make it difficult to be applied. For example, the text states that ‘having regard to the state of the art, these measures shall guarantee a level of security appropriate to the risk presented.’ Looking back at how the EU legislation is applied, this could lead to a case-to-case application of the law and new instances will be created with each cyber attack. The result can be an unclear framework that is therefore inefficient in supporting the DSM initiative.

Moreover, the Member States need to put together a list of entities that fall under the Directive and update that list every two years. This is because, if a bank for example operates in more than one Member State, the Member States need to cooperate and consult each other as to how to deal with the cyber incidents. It is important to underline that there are several Articles within the NIS Directive that deal with cross-border cooperation: for example, Article 0 focuses on Secure Information Sharing System and Article 11 details on Coordinated Response.

Additionally, in December 2015, the European Agency for Network and Information Security (ENISA) published a report on the usage of cloud services within the European financial service industry. The report underlines that despite the fact that a majority of financial bodies still use in-house IT infrastructure, cloud computing is growing in usage. This called for a clear strategy on how to protect costumer data from being the subject of cyber criminals.

CLICK HERE TO REGISTER FOR FREE ON ADVFN, the world's leading stocks and shares information website, provides the private investor with all the latest high-tech trading tools and includes live price data streaming, stock quotes and the option to access 'Level 2' data on all of the world's key exchanges (LSE, NYSE, NASDAQ, Euronext etc).

This area of the site is for independent financial commentary. These blogs are provided by independent authors via a common carrier platform and do not represent the opinions of ADVFN Plc. ADVFN Plc does not monitor, approve, endorse or exert editorial control over these articles and does not therefore accept responsibility for or make any warranties in connection with or recommend that you or any third party rely on such information. The information available at is for your general information and use and is not intended to address your particular requirements. In particular, the information does not constitute any form of advice or recommendation by ADVFN.COM and is not intended to be relied upon by users in making (or refraining from making) any investment decisions. Authors may or may not have positions in stocks that they are discussing but it should be considered very likely that their opinions are aligned with their trading and that they hold positions in companies, forex, commodities and other instruments they discuss.

Leave A Reply

Do you want to write for our Newspaper? Get in touch:

By accessing the services available at ADVFN you are agreeing to be bound by ADVFN's Terms & Conditions

P: V: D:20211023 13:36:06