(CN) - EU lawmakers on Tuesday agreed to the continent's first-ever law to improve cybersecurity, tasking member states with protecting "essential services" from attacks and mistakes that lead to security incidents.
Negotiators from the EU Council, European Parliament and European Commission developed the legislation, which they say will prevent cybersecurity breaches and provide an efficient response when they occur.
The proposal targets essential services, including the energy, transportation, banking, health and public services sectors, as well as the digital infrastructure of member states.
Member states will be required to adopt a national cybersecurity strategy and designate a single national authority to implement their strategies. States will also set up incident response teams to deal with cybersecurity breaches at a national level when they occur.
Additionally, the law will create a "cooperation group" between member states - headed by the commission - to support and facilitate strategic cooperation and the exchange of information on cyberattacks and other breaches.
The EU's Agency for Network and Information Security will oversee the response teams.
Meanwhile, the law will tighten up cybersecurity rules for digital service providers - e-commerce platforms, search engines and cloud services - and they will be treated more uniformly across the EU.
"This is an important step towards a more coordinated approach in cybersecurity across Europe," Luxembourg prime minister and EU Council president Xavier Bettel said. "All actors, public and private, will have to step up their efforts, in particular by increased cooperation between member states and enhanced security requirements for infrastructure operators and digital services."
The commission welcomed the agreement, which has been in the works since it first suggested a uniform approach to cybersecurity in 2013.
"Trust and security are the very foundations of a digital single market. If we want people and businesses to use and make the most of connected digital services, they need to trust them to be secure in the case of attack or failure," commission vice president Andrus Ansip said.
"The Internet knows no border - a problem in one country can have a knock-on effect in the rest of Europe," he added. "This is why we need EU-wide cybersecurity solutions. Last night's agreement is an important step in this direction, but we cannot stop here: we plan an ambitious partnership with the industry in the coming months to develop more secure products and services."
After approval by the full council and parliament, member states will have 21 months to implement the directive into their national laws and another six month to identify operators of essential services.
Subscribe to Closing Arguments
Sign up for new weekly newsletter Closing Arguments to get the latest about ongoing trials, major litigation and hot cases and rulings in courthouses around the U.S. and the world.