Government proposal: Improvements to information security of essential services to society
On 19 December 2017, the Government submitted to Parliament a proposal for legislative amendments to improve the information security of services essential to society and to increase the authorities' opportunities to help in improving information security.
The aim of the proposal is to increase the trust and confidence of people, business and industry in the digital operating environment. The proposal would implement the EU directive on security of network and information systems (NIS directive) in Finland.
"The proposal supports the aim of the Government Programme to promote digitalisation and ensure digital security. The preparation work has been the key measure in implementing the national information security strategy," says Minister of Transport and Communications Anne Berner.
"The legislative proposal has been prepared in broad-based intersectoral cooperation and it provides an excellent basis for intensifying authority collaboration to ensure information security also in future."
The following acts are proposed to be amended: Information Society Code, Aviation Act, Railway Act, Vessel Traffic Service Act, Act on Security Measures on certain Ships and in Ports serving them and on monitoring the Security Measures, Act on Transport Services, Electricity Market Act, Natural Gas Market Act, Act on the Control of the Electricity and Natural Gas Market, Water Services Act and Act on the Financial Supervisory Authority.
The proposal sets out obligations for providers of essential services and certain digital services (for example online marketplaces, cloud computing services, online search engines) to manage risks posed to information security and to report security incidents to the supervisory authority. Essential services would include services relating to traffic control and infrastructure management as well as distribution of energy and drinking water.
It is proposed that, as a rule, each sector's supervisory authority would have the competence to monitor compliance with the obligations. The goal is to strengthen cooperation between the authorities in different sectors of society and to increase awareness among the sectoral monitoring authorities of the disturbances in communications networks and information systems that can endanger the quality, security and interference-free use of the essential services.
The acts are proposed to enter into force on 1 May 2018.
The directive of the European Parliament and of the Council on security of network and information systems entered into force in August 2016. The EU Member States will have to transpose the directive into their national laws by 9 May 2018.
Timo Kievari, Director of Unit, tel. +358 295 34 2620
Maija Rönkä, Senior Officer, tel. +358 295 34 2039
Publication: Most reliable corporate digital systems and services. Finland’s information security strategy (7/2016, abstract in English)
Publication: Working group supporting implementation of the network and information security directive (Abstract in English)