In May 2016, the EU committee has passed a new law that is to provide a higher level of IT security for relevant businesses, meaning mission-critical infrastructure such as hospitals, power plants, public transport, banks or municipal utilities. The business critical IT processes are to be better protected which is to avoid supply shortages and preemptively prevent the endangerment of public safety.
Operators of mission-critical infrastructure are obligated to report incidents that can lead to gaps in security or data protection such as sever hacker attacks or system crashes. The member states must upgrade to more hardware and software and must check their systems for potential gaps in order to make corrections where needed. If this duty is not pursued, business face penalties accordingly.