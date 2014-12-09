* Internet firms argue they are not critical infrastructure
* Commission wants them included due to their widespread use
By Julia Fioretti
BRUSSELS, Dec 9 Internet companies like Cisco
and Google are seeking to be excluded from a
new EU cybersecurity law that would force them to adopt tough
security measures and report serious security breaches to
national authorities.
The so-called Network and Information Security directive is
due to be finalised in talks between the European Parliament,
the European Commission and member states over the coming weeks.
EU lawmakers want the law to cover only sectors that they
consider critical, such as energy, transport and finance.
But the Commission - the EU executive - and some countries,
such as Germany and France, are pushing to include cloud
providers, social networks, search engines and e-commerce
platforms because of their widespread use by people and
businesses.
Internet companies are firmly opposed to such a move, which
would incur extra compliance costs.
"Online services such as e-commerce sites, search and social
networks are useful but not critical. This legislation should
focus on truly critical infrastructure only," said James
Waterworth, vice-president for Europe of the Computer and
Communications Industry Association, a lobbying group which
includes Facebook, Microsoft and Google.
Such firms agree with lawmakers who say their inclusion
would lead to duplicate incident reporting - for example when a
bank using a cloud-computing provider suffers a security breach.
"We are implicated anyway with critical sectors as
customers," said Chris Gow, senior manager of government affairs
at network equipment maker Cisco.
Currently there is no pan-European law and only telecoms
operators are subject to the incident-reporting requirements.
The European Parliament also wants all companies within a
sector to fall under the new law's scope - but member states
want the flexibility to pick and choose within sectors.
Internet companies are concerned that if member states have
their way, this would result in a fragmentation of security
standards across the bloc.
"If cybersecurity rules are different in each European
country ... it would fragment the digital single market,"
Waterworth said.
(Editing by Pravin Char)