Doing Business with the European Union

The European Union (EU) has made Cybersecurity a top priority and those conducting business with the association should be aware of its potential impact on them.

On May 9, 2018, all 28 EU member states will implement the Directive on Security of Network and Information Systems (NIS Directive) in hopes of “achieving a high, common level of network and information systems security across the EU.” Effectively, this means those involved with conducting business with the EU in the following sectors must prove that they have established top Cybersecurity protocols, including a policy to immediately report breaches in data:

• Energy: electricity, oil, gas
• Transport: air, rail, road, maritime
• Banking
• Financial market infrastructure
• Health
• Water Supply
• Digital infrastructure (IXP’s, DNS service providers, TLD name registries)
• Online service providers
• Online marketplaces
• Online search engines
• Cloud computing services

The scope of this law drastically exceeds any reporting guidelines and/or best practices currently in place in the US, including the New York Cybersecurity law applicable to financial institutions conducting business in Empire state. Clearly, many US companies currently fall short of the Cybersecurity enforcement being implemented by the EU.

If you conduct business in one of the 28 EU countries or plan to do so in the future, please contact Steve Franckhauser at sfranckhauser@hbkcpa.com for details on the law and its stringent compliance measures.