Activities of Vicente Miguel GARCÉS RAMÓN related to 2013/0027(COD)
Plenary speeches (1)
High common level of network and information security (debate)
Shadow reports (1)
REPORT on the proposal for a directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union PDF (894 KB) DOC (1 MB)
Amendments (30)
Amendment 106 #
Proposal for a directive
Citation 4 a (new)
Citation 4 a (new)
having regard to the European Parliament resolution of 12 September 2013 on a Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace’,
Amendment 107 #
Proposal for a directive
Recital -1 (new)
Recital -1 (new)
(-1) In today’s world, information and communication technologies (ICTs) should address the needs of society, including the needs of persons at risk of social exclusion. All ICT users should be able to depend on minimum standards guaranteeing ICT reliability, security, transparency, simplicity, interoperability and risk reduction.
Amendment 111 #
Proposal for a directive
Recital 3 a (new)
Recital 3 a (new)
(3a) NIS in the EU should provide a secure and reliable digital environment, ensure net neutrality and guarantee the universal right to access technologies and all related services. Cybersecurity should be regulated in such a way that no discretionality can be applied.
Amendment 112 #
Proposal for a directive
Recital 5
Recital 5
(5) To cover all relevant incidents and risks, this Directive should apply to all network and information systems. The obligations on public administrations and market operators should however not apply to undertakings providing public communication networks or publicly available electronic communication services within the meaning of Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive), which are subject to the specific security and integrity requirements laid down in Article 13a of that Directive nor should they apply to trust service providers.
Amendment 113 #
Proposal for a directive
Recital 5 a (new)
Recital 5 a (new)
(5a) Several Member States are yet to publish their national cybersecurity strategies, and are still to draw up their contingency plans for cyber incidents. At the same time, some Member States have not established a computer emergency and response team (CERT) or ratified the Council of Europe’s Convention on Cybercrime.
Amendment 114 #
Proposal for a directive
Recital 6
Recital 6
(6) The existing capabilities are not sufficient enough to ensure a high level of NIS within the Union. Member States have very different levels of preparedness leading to fragmented approaches across the Union. This leads to an unequal level of protection of consumers and businesses, and undermines the overall level of NIS within the Union. Lack of common minimum requirements on public administrations and market operators in turn makes it impossible to set up a global and effective mechanism for cooperation at Union level. There is a need effectively to spur R&D&i in these areas and provide it with adequate funding. Universities and research centres have a decisive role to play in this regard.
Amendment 119 #
Proposal for a directive
Recital 14
Recital 14
(14) A secure information-sharing infrastructure should be put in place to allow for the exchange of sensitive and confidential information within the cooperation network. Without prejudice to their obligation to notify incidents and risks of Union dimension to the cooperation network, access to confidential information from other Member States should only be granted to Members States upon demonstration that their technical, financial and human resources and processes, as well as their communication infrastructure, guarantee their effective, efficient and secure participation in the network. This should always be done using transparent methods that prevent any arbitrary conduct between Member States.
Amendment 121 #
Proposal for a directive
Recital 16
Recital 16
(16) To ensure transparency and properly inform EU citizens and market operators, the competent authorities should set up a common website to publish non confidential information on the incidents and risks on common digital spaces which, in the same way as websites, allow for their consultation on mobile phones and tablets.
Amendment 122 #
Proposal for a directive
Recital 16 a (new)
Recital 16 a (new)
(16a) Special consideration should be given, as regards these environments, to the most vulnerable members of society, such as people on the wrong side of the digital divide and minorities with social network exposure. Special efforts should also be made to increase public awareness and education. Member States shall ensure that SMEs are able to further their understanding in the field NIS and bolster their capacities in the field of cybersecurity.
Amendment 125 #
Proposal for a directive
Recital 27
Recital 27
(27) To avoid imposing a disproportionate financial and administrative burden on small operators and users, the requirements should be proportionate to the risk presented by the network or information system concerned, taking into account the state of the art of such measures. These requirements should not apply to micro enterprises, which should be able to call on a suitable financial support mechanism to enable them to meet the requirements specified.
Amendment 126 #
Proposal for a directive
Recital 28
Recital 28
(28) Competent authorities should pay due attention to preserving informal and trusted channels of information-sharing between market operators and between the public and the private sectors. Publicity of incidents reported to the competent authorities should duly balance the interest of the public in being informed about threats with possible reputational and commercial damages for the public administrations and market operators reporting incidents. In the implementation of the notification obligations, competent authorities should pay particular attention to the need to maintain information about product vulnerabilities strictly confidential prior to the release of appropriate security fixes. Under no circumstances must the fundamental rights to information and communication inherent to the rule of law be limited or nullified.
Amendment 127 #
Proposal for a directive
Recital 29
Recital 29
(29) Competent authorities should have the necessary means to perform their duties, including powers to obtain sufficient information from market operators and public administrations in order to assess the level of security of network and information systems as well as reliable and comprehensive data about actual incidents that have had an impact on the operation of network and information systems. The competent authorities should be able to hold liable the suppliers of defective computer programs or hardware or services that lead directly to an NIS incident.
Amendment 135 #
Proposal for a directive
Recital 37
Recital 37
(37) In the application of this Directive, the Commission should liaise as appropriate with relevant sectoral committees and relevant bodies set up at EU level in particular in the field of energy, transport, health and thealth armed forces.
Amendment 136 #
Proposal for a directive
Recital 40 a (new)
Recital 40 a (new)
(40a) The combating of cybercrime should be flanked with the combating of international espionage, which undermines the sovereignty of the EU and its Member States. This Directive should protect the public, enterprises, public and private institutions and states and their governments from common crime, organised crime and espionage, including cybercrime.
Amendment 137 #
Proposal for a directive
Recital 41
Recital 41
(41) This Directive respectsshould in no way limit or nullify the fundamental rights, and should observes the principles, recognised by, the Charter of Fundamental Rights of the European Union and, notably, the right to respect for private life the rights of information and communications, the protection ofor personal data, the freedom to conduct a business, the right to property, the right to an effective remedy before a court and the right to be heard. This Directive must be implemented according to these rights and principles
Amendment 138 #
Proposal for a directive
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Directive lays down measures to ensure a high common level of network and information security (hereinafter referred to as "NIS") within the Union, providing a secure and reliable digital environment, ensure net neutrality and guarantee the universal right to access technologies and all related services.
Amendment 139 #
Proposal for a directive
Article 1 – paragraph 2 – point c
Article 1 – paragraph 2 – point c
c) establishes security requirements for market operators and public administrations which ensure that no discretionality can be applied.
Amendment 141 #
Proposal for a directive
Article 1 – paragraph 3
Article 1 – paragraph 3
Amendment 153 #
Proposal for a directive
Article 4
Article 4
Member States shall ensure a high level of security of the network and information systems in their territories in accordance with this Directive. The combating of cybercrime shall be flanked with the combating of international espionage aimed at undermining the sovereignty of the EU and its Member States.
Amendment 154 #
Proposal for a directive
Article 5 – paragraph 1 – point e
Article 5 – paragraph 1 – point e
e) Research and development plans and a description of how these plans reflect the identified priorities, and in which universities and research centres shall have a decisive role.
Amendment 155 #
Proposal for a directive
Article 5 – paragraph 1 – point e a (new)
Article 5 – paragraph 1 – point e a (new)
ea) Quality programmes drawn up with the utmost diligence and the measures needed to implement and extend this Directive. All applications must be built using reusable code and, insofar as this is possible, using open source software.
Amendment 158 #
Proposal for a directive
Article 5 – paragraph 2 – point d a (new)
Article 5 – paragraph 2 – point d a (new)
da) Publication of an online directory of all the entities meeting the risk management and information requirements under the Directive, in a way that does not limit the right to information of any citizen of any Member State and which requires that a transparency plan be drawn up on NIS management and procedures.
Amendment 160 #
Proposal for a directive
Article 5 – paragraph 2 – point d b (new)
Article 5 – paragraph 2 – point d b (new)
db) (16a) Special consideration of the most vulnerable members of society, such as people on the wrong side of the digital divide and minorities with social network exposure.
Amendment 163 #
Proposal for a directive
Article 6 – paragraph 2
Article 6 – paragraph 2
2. The competent authorities shall monitor the application of this Directive at national level and contribute to its consistent application throughout the Union. They shall also monitor the application of NIS measures within their spheres of responsibility.
Amendment 169 #
Proposal for a directive
Article 8 – paragraph 3 – point c
Article 8 – paragraph 3 – point c
c) publish on a regular basis non- confidential information on on-going early warnings and coordinated response on a common websitedigital spaces which, in the same way as websites, allow for their consultation on mobile phones and tablets;
Amendment 193 #
Proposal for a directive
Article 12 – title
Article 12 – title
Amendment 196 #
Proposal for a directive
Article 13
Article 13
Without prejudice to the possibility for the cooperation network to have informal international cooperation, the Union may conclude international agreements with third countries or international organisations allowing and organizing their participation in some activities of the cooperation network. Such agreement shall take into account the need to ensure adequate protection of the personal data circulating on the cooperation network. Such agreements should also safeguard EU sovereignty and the independence of the EU’s institutions and Member States.
Amendment 208 #
Proposal for a directive
Article 14 – paragraph 4
Article 14 – paragraph 4
4. The competent authority may inform the public, or require the public administrations and market operators to do so, where it determines that disclosure of the incident is in the public interest. Once a year, the competent authority shall submit a summary report to the cooperation network on the notifications received and the action taken in accordance with this paragraph. That annual report should contain, as a minimum, both the number of alerts issued and a breakdown of these by type. It shall be made available to the public in a compatible format enabling its publication on any open data portal wishing to publish it.
Amendment 226 #
Proposal for a directive
Article 17 – paragraph 2 a (new)
Article 17 – paragraph 2 a (new)
2a. The competent authorities shall hold liable the suppliers of defective computer programs or hardware or services that lead directly to an NIS incident.
Amendment 228 #
Proposal for a directive
Annex 2 – paragraph 1 – point 6 a (new)
Annex 2 – paragraph 1 – point 6 a (new)
6a. Multiplatform messaging services.