The European Commission (EC) has initiated criminal proceedings against Bulgaria and 22 other EU member states for failing to fully implement critical cybersecurity regulations. These rules, which had to be adopted by EU countries by 17 October, are aimed at improving cybersecurity in key sectors like public electronic communications, ICT services, healthcare, transport, energy, digital services, waste management, postal services, and public administration.
The legislation is designed to enhance the resilience of these sectors, ensuring better responses to cyber incidents. The countries involved have been given two months to respond to the EC’s action before further legal proceedings are pursued. In addition to Bulgaria, the nations named include the Czech Republic, Denmark, Germany, Estonia, Ireland, Greece, Spain, France, Cyprus, Latvia, Luxembourg, Hungary, Malta, the Netherlands, Austria, Poland, Portugal, Romania, Slovenia, Slovakia, Finland, and Sweden.
The European Commission’s decision to take legal action underscores the importance of timely implementation of these rules, which are considered crucial for safeguarding the EU's digital infrastructure and ensuring the safety of critical services.
Background:
The European Commission's cybersecurity rules are part of the broader EU framework to address digital security risks, particularly in essential services. The legislation sets out requirements for member states to improve their national capabilities in preventing and responding to cyber threats. The 17 October deadline for implementing the rules was set to ensure uniform security standards across all EU countries. The failure of these 23 countries to meet the deadline has now led to the commencement of legal proceedings.
Sources:
- European Commission website
- Bulgarian National Television (BNT)
- Mediapool