In December 2015 the European Parliament, the Council of Ministers and the Committee of Permanent Representatives reached agreement and endorsement on the text of the EU Cyber Security Directive.

Once the agreed text has undergone technical finalisation, it will be submitted for formal approval by the Council of Ministers, and then by the European Parliament and is expected to be concluded in the first half of 2016.

After the Directive has entered into force, each Member State will have 21 months to adopt the necessary provisions into local law and thereafter to identify which sectors and types of business are deemed “market operators” (otherwise known as critical infrastructure companies).

The European Commission officials dealing with the promotion of the Directive are extremely busy. Pierre Chastanet, Deputy Head of Unit – Trust & Security, Directorate General for Communications Networks, Content and Technology recently commented to us that “we are on a critical path to deliver a major initiative for the cybersecurity industry before summer this year”.