Legislative amendments increasing information security of services essential to society into force

Several legislative amendments that increase information security of services essential to society and foster cooperation between authorities concerning information security enter into force on 9 May 2018. The amendments aim to increase the level of trust by people and businesses towards digital modes of operation and raise the level of information security in the entire society. The amendments will implement the EU directive on security of network and information systems (NIS directive) in Finland.

In Finland, the aims set in the Directive for the management of information security risks and notifications of incidents have been included in the sectoral legislation. Provisions on improving information security can be found in several acts.

Information disruptions must be reported to the supervision authority

The current amendments oblige many providers of services essential to society to ensure information security and to report any information security disruptions to the supervision authority concerned.

The new obligations apply to electrical network and natural gas transmission network operators, traffic control, main port and airport operators, and water utilities that supply water or receive waste water at least 5,000 cubic metres a day. They also apply to cloud services, search engines and online market places. The amendments ensure that information security will be considered a central part of operational risk management. The users will benefit from the amendments in safer and more stable services.

The information security obligations will be supervised by sectoral authorities: the Finnish Communications Regulatory Authority, Transport Safety Agency Trafi, Financial Supervisory Authority, Energy Authority, National Supervisory Authority for Welfare and Health (Valvira) and Centres for Economic Development, Transport and the Environment. The service providers report to these authorities of any information security disruptions.

The National Cyber Security Centre at the Finnish Communications Regulatory Authority cooperates, on a voluntary basis, with businesses and industry and helps in addressing information security incidents. The importance of the role of the Cyber Security Centre in promoting information security in society will grow in future.

What next?

The key objective of the amendments is to promote both national and international cooperation between the authorities. In future, the authorities' opportunities for cooperation and information sharing will improve.

Acts amended on the basis of the NIS Directive are: Act on Electronic Communication Services, Aviation Act, Vessel Traffic Service Act, Act on Security Measures on certain Ships and in Ports serving them and on monitoring the Security Measures, Act on Transport Services, Electricity Market Act, Natural Gas Market Act, Water Services Act, Act on the Control of the Electricity and Natural Gas Market, Water Services Act, Act on the Financial Supervisory Authority and Act on the National Supervisory Authority for Welfare and Health.

Inquiries:
Maija Rönkä, Ministerial Adviser, tel. +358 295 34 2039
Timo Kievari, Director of Unit, tel. +358 40 059 3706