The EU is imposing tougher cyber security rules for energy facilities and other key sectors. 

European Union lawmakers have agreed to enhance the cybersecurity standards for all medium and large companies in essential sectors - energy, transport, banking, financial market infrastructure, health, vaccines and medical devices, drinking water, waste water, digital infrastructure, public administration, space agencies, postal and courier services, waste management, chemicals, food manufacturing, computers and electronics, machinery equipment, motor vehicles, and digital providers such as online marketplaces, online search engines, and social networking service platforms.

All companies that fall under the new rules will be required to assess their cybersecurity risk, notify authorities and work to counter the risks.

They face fines of up to 2 per cent of global turnover for non-compliance.

EU cybersecurity agency ENISA will be tasked with assessing the risks of critical supply chains under the new rules too.

“Cyber threats have become bolder and more complex. It was imperative to adapt our security framework to the new realities and to make sure our citizens and infrastructures are protected,” EU industry chief Thierry Breton said in a statement.