It has been announced that the government will be incorporating an EU law of larger punishments for Âessential servicesÂ which are not prepared for cyber-attacks. These essential services include energy, health, transport and water, and indicate a new direction for cyber security laws.
Although the UK voted to leave the EU earlier this year, the government has decided to incorporate the National Cyber Security Strategy from EUÂs Network and Information Systems (NIS) Directive, which they hope will be in effect by May 2018. The countries in the EU must incorporate this law into their national laws by May 2018. The UK governmentÂs enthusiasm for an EU law illustrates the prominence of cyber security in todayÂs government.
The larger punishments largely refer to higher fines of up to Â£17 million or 4% of the organisationÂs turnover Â whichever is higher. The fines come in two bands, in order for them to be fair and proportionate. Digital Minister Matt Hancock describes the need for Âour essential services and infrastructureÂ to be Âmore resilientÂ. It is part of the governmentÂs five-year Â£1.9 billion National Cyber Security Strategy. It ensures organisations incorporate staff training amongst other adaptations into their policies.
This new direction for the legal management of cyber security indicates how the law adapts and changes to different challenges to our cyber system.Â