The Digital Single Market
Two strategies underpin the existence of the European Union: first, to preserve peace among European countries, and second, to create a Single Market with few or no trade barriers, where skilled labour moves relatively freely and where political, economic and social cooperation are the principles behind its legislation. Importantly, politicians and legislators have understood the crucial role that digital technology plays in our lives and its impact on the business world.
Therefore, the Digital Single Market (DSM) is a broad concept which aims at consolidating the European cloud computing and digital markets through various initiatives. It is one of the European Commission’s top priorities: according to Maiju Hamunen, analyst at the CFA Institute, the Digital Single Market could contribute €415 billion per year to the European economy. Moreover, the European Commission, in its Communication of May 2015, suggested that the idea of a DSM is to remove the online barriers that prevent citizens and businesses from interacting in an economically efficient manner.
Consequently, the strategy behind the DSM rests on three pillars, quoted here from the European Commission’s website: ‘(1) better access for consumers and businesses to digital goods and services across Europe; (2) creating the right conditions and a level playing field for digital networks and innovative services to flourish; (3) maximising the growth potential of the digital economy.’ A step towards achieving this vision was made recently, on December 7, 2015, when the final cybersecurity rules for Europe were signed by the European Parliament, the European Commission and the Council.
The new rules, known as the Network and Information Security (NIS) Directive, aim to tackle the threats to the Digital Single Market. Their provisions aim to make the online environment more trustworthy and, thus, to support the smooth functioning of the EU Digital Single Market. Here, however, we will focus on the rules that directly affect financial bodies.
The NIS Directive and Financial Bodies
Article 3 (b) and Annex II cover both banks and financial market infrastructure providers, including trading venues and clearing houses. These financial bodies have several responsibilities in the event of a cyber attack: under Article 14 they need to take appropriate and proportionate technical and organizational measures to deal with and mitigate the risks posed by cyber attacks.
Arcane language is still present across the legislation, which can make it difficult to apply. For example, the text states that ‘having regard to the state of the art, these measures shall guarantee a level of security appropriate to the risk presented.’ Looking back at how EU legislation is applied, this could lead to a case-by-case application of the law, with new instances created with each cyber attack. The result can be an unclear framework that is therefore inefficient in supporting the DSM initiative.
Moreover, the Member States need to put together a list of entities that fall under the Directive and update that list every two years. This is because if a bank, for example, operates in more than one Member State, the Member States need to cooperate and consult each other on how to deal with cyber incidents. It is important to underline that several Articles within the NIS Directive deal with cross-border cooperation: for example, Article 0 focuses on the Secure Information Sharing System and Article 11 details the Coordinated Response.
Additionally, in December 2015, the European Agency for Network and Information Security (ENISA) published a report on the usage of cloud services within the European financial services industry. The report underlines that although a majority of financial bodies still use in-house IT infrastructure, the use of cloud computing is growing. This calls for a clear strategy on how to protect customer data from becoming the target of cyber criminals.