Technology firms and those running critical services will have to report cyber-breaches, under new rules proposed by MEPs.
The rules will also establish minimum standards of cybersecurity for banks, energy and water firms.
It is the first time Europe has created EU-wide rules on cybersecurity.
It comes in the wake of concerns that key infrastructure, such as airports or power stations, could be targeted by hackers.
ADVERTISING
The
proposed laws - agreed by MEPs and ministers from the 28 EU countries -
will also apply to some tech firms. The details of this have yet to be
worked out but the rules are likely to include online marketplaces,
such as eBay and Amazon, and search engines such as Google.
The Network and Information Security directive is an attempt to deal with the emerging threat of cyber-attacks.
Currently
there is no common approach in Europe to digital network breaches,
whether they are the result of human error, technical failures or
malicious attacks.
The European Agency for Network and Information
Security (Enisa) estimates that such breaches result in annual losses
in the range of 260 billion to 340 billion euros.
Under
the new rules, member states would have to co-operate more on
cybersecurity, exchanging information about breaches, offering best
practice and assisting member states in securing their infrastructures.
Complex legislation
"Today,
a milestone has been achieved: we have agreed on the first ever EU-wide
cybersecurity rules, which the Parliament has advocated for years,"
said German MEP Andreas Schwab, after the deal was agreed.
Digital
affairs commissioner Guenther Oettinger added that it was a "major step
in raising the level of cybersecurity in Europe".
MEP Vicky Ford, who chaired the final round of talks, said that it was "a hugely complex piece of legislation".
"We
have set up a network which will enable experts from each of the 28
countries in the EU to share and develop best practice in network
security, whilst not compromising any individual member state's own
national security measures."
The deal still needs approval from
the European Parliament and national governments. The vote is expected
to take place in the spring, after which member states would have around
two years to put the measures in place.