On 17 May, the EU Council adopted the cyber security directive, which will impose new obligations on businesses in high-risk sectors, like energy, transport, health, finance and digital. Businesses affected will have to minimise their cyber risk, ensure continuity of their services, and report major cyber incidents. The directive is likely to come into force in August 2016, and member states will then have 21 months to introduce national implementing laws. 

The directive complements the new EU data protection regulation - adopted in April 2016 - which introduces new cyber security obligations across all sectors. Our guide to those rules is here

For guidance on how to assess your cyber risk, click here