|The AmeriKat can confirm - the EU Trade Secrets|
Directive is NOT under the couch...
....but there are some dust bunnies
Instead, the European Council adopted the Network and Information Security (NIS) Directive during its first reading. The NIS Directive provides that operators of critical IT services (think energy, transport, health and finance) meet certain security obligations. Who falls within this category will be determined by each Member State, whereas digital service providers (such as search engines and cloud services) will be directly subject to the Directive. Member States are also required to cooperate in sharing information when tackling cybersecurity threats. The Council press release states:
"Each EU country will also be required to designate one or more national authorities and to establish a strategy for dealing with cyber threats.
The Netherlands presidency together with the EU Agency for Network and Information Security (ENISA) has already started preparing the implementation of the directive. A first informal meeting of the network of Computer security incident response teams (CSIRT) set up under the directive took place in The Hague on 5 April, followed by a second meeting in Riga on 10 May."The NIS Directive will go back to the European Parliament for a second reading, thereafter it is expected to enter into force in August (which is an auspicious time given most of Europe is on holiday...).
This follows US efforts to tighten up cybersecurity, including the signing into law last December of the Cybersecurity Act of 2015 (with a focus on collaborative regimes, like the NIS) and President Obama's announcement this year of the Cybersecurity Action Plan and a new Federal Chief Information Security Officer position. Japan is also working on its own three-year Cybersecurity Strategy and is planning to update its Cybersecurity Law.
The simultaneous global efforts in improving cybersecurity and trade secrets are no coincidence, of course. This month, the UK Government published the "Cyber Security Breaches Survey 2016" which found that 65% of large firms detected a cyber security breach or attack in the past year. Over half (55%) of firms also reported that they stored at least some commercially confidential data on cloud servers. Commercially confidential information stored on site and in the cloud is likely to contain a company's trade secrets. Therefore, the risk of cyberattacks is not just a risk of data loss and disruption, but a risk of trade secret theft. Indeed, top finance officials from the G7 met recently to discuss the issue.
So, the AmeriKat is sticking with her prediction that although 2017 may be the year of the UPC, 2016 will be remembered as year of trade secrets and cybersecurity. But just where, oh where is that final EU Trade Secrets Directive text? The IPKat (@IPKat) has, this evening, asked the EU Council where it is. We will see if he gets an answer. In the meantime, if readers have any inkling (or if it is hiding in some dark corner of the EU Council website), do let the IPKat know at email@example.com.