We briefly present the main issues regarding Law 4577/3.12.2018 which incorporates Directive 2016/1148/EU aiming to boost the overall level of cybersecurity in the EU.
Law 4577/3.12.2018 incorporates Directive 2016/1148/EU, which aims to raise the overall level of cybersecurity in the EU.
With the new law, Greece also brings to the forefront the priority given internationally to the security of network and information systems that play an important role in society. Cyber-attacks affect not only the public and private sectors but also the orderly functioning of society, because everyday life is affected.
Summing up the new law
- The new law sets out the framework and responsibilities of the National Cyber Security Authority (Directorate of the General Secretariat of the Ministry of Digital Policy, Telecommunications and Media) and the Computer Security Incident Response Team (CSIRT) of the Hellenic National Defense General Staff that relate to IT security.
- Its provisions concern Operators of Essential Services and Digital Service Providers in areas such as energy, transport, banking, financial market infrastructure, health, drinking water supply and distribution, digital infrastructure, online market, online search engine and cloud computing.
- The Operators of Essential Services and Digital Service Providers must take appropriate technical and organizational measures to manage risks and to prevent and minimize the impact of incidents affecting the security of network and information systems. At the same time, they are obliged to notify the National Cyber Security Authority and the CSIRT of incidents with serious implications for the provision of their services.
- Failure to notify or undue delay in notifying an incident, as well as failure to take appropriate organizational and preventive risk management measures, may result in fines of up to EUR 200 000, imposed by the Minister of Digital Policy following a proposal by the National Cyber Security Authority.
CPA Law Comments
- The new law emphasizes the need for cooperation of the National Cyber Security Authority with other national and international bodies, particularly for the purpose of tackling international cross-border crime.
- We remind you that on 3 August 2016, Law 4411/2016 was passed, ratifying the Council of Europe Convention on Cybercrime and its Addendum, while Directive 2013/40/EU on attacks against information systems was transposed into Greek law.