EC data breach reporting plans to impact Apple, Facebook and Google

The European Commission (EC) has published a cyber security strategy and directive on network and information security that will force businesses to report all "major security incidents".

The mandatory disclosure plans are designed to cover organisations involved in running critical national infrastructure, the definition of which will impact firms such as Apple, Facebook and Google.

"Operators of critical infrastructures in some sectors, enablers of information society services and public administrations must adopt risk management practices and report major security incidents on their core services," the EC said.

The EC defines information society services as, "app stores e-commerce platforms, internet payment, cloud computing, search engines, social networks".

This would means huge firms like Apple, Facebook, Google, Microsoft Amazon and Twitter would have to report breaches publicly, which could cause major security and trust concerns among consumers.

V3 contacted some of these firms for comment on the proposals but had received no reply at time of publication.

The plans were originally unveiled in December 2012, when the EC promised to instigate new laws forcing businesses to disclose data on significant incidents within 24 hours.

The EC also proposed to create a co-operation mechanism among member states and the Commission.

This would provide a mechanism for organisations to share security intelligence.

The measures are intended to achieve goals including cyber resilience; reducing cybercrime; developing a cyber defence policy; and capabilities related to the common security and defence policy (CSDP).

EC vice president for the digital agenda, Neelie Kroes, claimed the strategy is essential to protect EU citizens' rights and will facilitate growth in the region's economy.

"The more people rely on the internet the more people rely on it to be secure. A secure internet protects our freedoms and rights and our ability to do business. It's time to take coordinated action - the cost of not acting is much higher than the cost of acting," said Kroes.