The European Parliament has made headway into the development of cybersecurity rules its member states should follow. Under the first set of regulations it has laid down, critical service companies in all 28 member states will have to make sure they're using a system robust enough to fend off cyberattacks. By "critical service companies," we mean those that fall under any of these six categories: energy, transport, banking, financial market, health and water supply. Each member state will have to list businesses that can be identified as critical service companies under a category. Any company that makes the cut will have to be able to quickly report security breaches to authorities.
It's not just the power and transportation companies that are required to be extra careful, though. Any online marketplace like eBay or Amazon, search engine such as Google or cloud service like Dropbox or Google Drive that's accessible in an EU country will be under pressure to keep their infrastructures secure. They'll also be required to report major incidents to the Parliament.
In addition, the 28 member states themselves are expected to cooperate with one another and to set up an anti-hacking task force called Computer Security Incidents Response Team (CSIRT). Each country's CSIRT is in charge of fighting off domestic cyberattacks, though they can coordinate their actions in case of international, cross-border security breaches. That said, all these rules still need approval, so there might be some changes in the final draft.