The EU Parliament, Council and Commission have agreed on the text of the Network and Information Security Directive after trialogue discussions concluded. The directive introduces a requirement for companies in various critical sectors, such as transport, energy and finance to ensure that their digital infrastructure can withstand cyber- attacks. These companies will also be required to report serious security breaches to the relevant public authority. The requirements will apply in addition to some larger internet service providers. The next stage of the legislative process will be for the Parliament’s Internal Market Committee and Council Committee of Permanent Representatives to formally approve the text.