"Cybersecurity" Directive makes European Council appearance, but where is the Trade Secrets Directive?

The AmeriKat can confirm - the EU Trade Secrets
Directive is NOT under the couch...
....but there are some dust bunnies
Nothing drives the AmeriKat more crazy than when things or people go AWOL.  Thus, her fur bristled when the 17 May came and went but no big Council press release concerning the adoption of the EU Trade Secrets Directive that was passed by the European Parliament last month (see Kat posts here).

Instead, the European Council adopted the Network and Information Security (NIS) Directive during its first reading.  The NIS Directive provides that operators of critical IT services (think energy, transport, health and finance) meet certain security obligations.  Who falls within this category will be determined by each Member State, whereas digital service providers (such as search engines and cloud services) will be directly subject to the Directive.  Member States are also required to cooperate in sharing information when tackling cybersecurity threats.  The Council press release states:
"Each EU country will also be required to designate one or more national authorities and to establish a strategy for dealing with cyber threats. 
The Netherlands presidency together with the EU Agency for Network and Information Security (ENISA) has already started preparing the implementation of the directive. A first informal meeting of the network of Computer security incident response teams (CSIRT) set up under the directive took place in The Hague on 5 April, followed by a second meeting in Riga on 10 May."
The NIS Directive will go back to the European Parliament for a second reading, thereafter it is expected to enter into force in August (which is an auspicious time given most of Europe is on holiday...).

This follows US efforts to tighten up cybersecurity, including the signing into law last December of the Cybersecurity Act of 2015 (with a focus on collaborative regimes, like the NIS) and President Obama's announcement this year of the Cybersecurity Action Plan and a new Federal Chief Information Security Officer position.  Japan is also working on its own three-year Cybersecurity Strategy and is planning to update its Cybersecurity Law.

The simultaneous global efforts in improving cybersecurity and trade secrets are no coincidence, of course.   This month, the UK Government published the "Cyber Security Breaches Survey 2016" which found that 65% of large firms detected a cyber security breach or attack in the past year. Over half (55%) of firms also reported that they stored at least some commercially confidential data on cloud servers.  Commercially confidential information stored on site and in the cloud is likely to contain a company's trade secrets.  Therefore, the risk of cyberattacks is not just a risk of data loss and disruption, but a risk of trade secret theft.  Indeed, top finance officials from the G7 met recently to discuss the issue.

So, the AmeriKat is sticking with her prediction that although 2017 may be the year of the UPC, 2016 will be remembered as year of trade secrets and cybersecurity.  But just where, oh where is that final EU Trade Secrets Directive text?  The IPKat (@IPKat) has, this evening, asked the EU Council where it is.  We will see if he gets an answer.  In the meantime, if readers have any inkling (or if it is hiding in some dark corner of the EU Council website), do let the IPKat know at theipkat@gmail.com.

"Cybersecurity" Directive makes European Council appearance, but where is the Trade Secrets Directive? "Cybersecurity" Directive makes European Council appearance, but where is the Trade Secrets Directive? Reviewed by Annsley Merelle Ward on Monday, May 23, 2016 Rating: 5

No comments:

All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.

It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.

Learn more here: http://ipkitten.blogspot.com/p/want-to-complain.html

Powered by Blogger.