Europe and the United States approach cyber security differently, which might create problems for companies across the two major trade blocs. Washington will adopt voluntary reporting mechanisms whereas Brussels will implement compulsory measures.
President Obama issued an executive order on cyber security that calls for voluntary sharing of information on cyber-attacks between business and government. This followed the failure of the US Senate to approve administration-backed cyber security legislation, due to fierce opposition from industry, which complained about over-regulation.
The European Commission proposed a Directive with measures to ensure harmonised network and information security across the EU. The proposed legislation will require companies to be audited for preparedness and to notify national authorities of cyber incidents with a “significant impact.” The Directive also suggests that market operators will be liable regardless of whether they maintain their network internally or outsource it.
This raises the likelihood that Brussels and Washington will implement differing levels of cyber security vigilance, threatening to create inconsistencies for companies whose operations span both jurisdictions. The rapporteur for the first Digital Freedom Strategy in EU foreign policy, MEP Marietje Schaake (Netherlands, ALDE), said: “It is in the best interest of our citizens if companies are required to comply with the same high quality standards on both sides of the Atlantic, especially because many online services that EU-citizens use are incorporated in the US.”