On 17 May 2016, the Council of Europe formally adopted new rules to step up the security of network and information systems across the EU and to increase cooperation between member states on the vital issue of cybersecurity.

The Network and Information Security Directive (the Directive) lays down security obligations for operators of essential services, including finance and also for digital service providers, such as search engines and cloud services. Each EU country will also be required to designate one or more national authorities and to establish a strategy for dealing with cyber threats. 

The Council position at first reading confirmed the agreement reached with the European Parliament in December 2015. The Directive must still be approved by the European Parliament at second reading and is expected to enter into force in August 2016.