The European Commission recently published 2 documents:
* the Cybersecurity Strategy of the European Union (English version; 20 pages)
* the Proposed Directive on Network and Information Security (English version; 27 pages + 2 annexes)
Mozilla is trying to work out whether we need to have a position on these documents and, if so, what that position should be. How might this affect the open web? Are there any actions we could or should take in response?
This is part of the work of the new Public Policy module. Particularly if you live in the EU, we would appreciate it if you would read one or the other and indicate any parts of it which are particularly of interest to you and to Mozilla.
The first document, the Strategy, sets forth the EU’s vision of cybersecurity. The second one, the proposed NIS Directive, if enacted, would require all Member States, and key “Internet enablers” such as e-commerce platforms, social networks, plus critical infrastructure companies (energy, transport, banking, and healthcare) to take action to ensure “a secure and trustworthy digital environment throughout the EU”. This might mean, for example, requiring them to adopt risk management practices and report major security incidents on their core services.
(I would expect these documents to be available in other EU languages but, although the press release is, I can’t see where the documents are. Pointers gratefully received.)