This file photo shows the European Cybercrime Centre (EC3) logo.
The European Union (EU) has proposed a new cyber security law that subjects tens of thousands of firms to increased internet security checks.
The draft of the legislation, published on Thursday, demands that around 42,000 European firms, including hospitals, airports and banks, report any incident of internet security exposure to agents of the European Cybercrime Centre (EC3).
Information Security Forum (ISF), representing IBM, Nokia, and Proctor & Gamble, said the new law subjects businesses to greater costs.
“The publication of a security incident can have significant influence on the reputation or value of a company – in the extreme case, publication has more severe consequences than the actual incident,” ISF Vice President Steve Durbin said.
The law states each of the 27 countries in the bloc needs an anti-cybercrime unit, dubbed Computer Emergency Response Team.
The firms are required to report all internet security attacks to the Computer Emergency Response Team that can under the authority of the EC3 publish reports on the firms’ security flaws and impose fines.
The legislation comes as online consumers have expressed distrust with making online payments.
A 2012 EU poll showed that 38 percent of EU internet users considered online transactions as insecure and preferred traditional payment methods.
On October 19, 2012, the HSBC banking company had a major internet intrusion through a Distributed Denial of Service attack (DDoS-attack) that left millions of customers without access to online services.