Infosecurity preview: Bridging the reality gap

Businesses and legislatures need to start listening to and learning from each other

It is estimated that more than 50% of our national legislation derives from decisions taken at EU level, with this number increasing to 95% in certain areas. However, the delay between the start of discussions at EU level and implementation of the corresponding national legislation can be up to five years or more.

This explains why industry is sometimes taken off guard when new legislation comes into force and why new legislation does not always reflect market reality.

For example, the EU is currently reviewing the E-Privacy Directive, which sets out how personal data can be stored and used in the context of electronic communications.

The review process was kicked off by a public consultation, which started in November 2005 with a call for stakeholders' input. The proposals are expected to come out in July 2007, but the law will probably not be implemented nationally until 2010.

For businesses, particularly small and medium-sized enterprises, it is difficult to monitor and be engaged in such complex processes for long periods, since many just struggle to look beyond the next fiscal quarter. The bottom line is clear: companies will be required to comply with the new laws, which will be costly and time-consuming if they do not anticipate the required adaptations.

But beware: the reverse scenario is also possible. The Data Retention Directive was adopted with such unprecedented speed (less than two years between the initial proposal and implementation at national level) that now, as we near the transposition date, many realise that crucial details have not been fully thought through and insufficient guidance has been given to member states. This has resulted in confusion and frustration among industry and government.

With a number of imperative security initiatives up for debate in the EU this coming year, it is key for industry to stay in tune with security policy developments, to share its expertise, concerns and needs with policy makers, and to prepare itself and its customers for the changes ahead.

Equally, governments need to lend a listening ear to the voice of the industry to ensure that their proposals and initiatives are responsive to industry's real needs, are in sync with the market reality and do not hamper competition and innovation.

Marika Konings is director of European affairs at the Cyber Security Industry Alliance. The CSIA will lead a keynote panel on how to secure the latest telecoms technologies at Infosecurity Europe.
