Crowdfunding and cybersecurity
Operators of crowdfunding platforms should carefully follow the work on the Network and Information Security Directive. The last draft of the proposal suggests that crowdfunding platforms could be covered by the directive.
The full name of the proposal is the “Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union.” The first draft was released in 2013. It is designed as an act that would create a European legal and institutional framework for cybersecurity. From the very start, one of the most controversial elements of the proposal has been the list of entities that would be subject to the new cybersecurity obligations imposed by the directive.
These obligations primarily include a need to manage risks connected with the security of networks and IT systems. And in certain situations persons indicated in the directive would be required to report security incidents to the authorities. In some cases information about the incident would also be publicised.
From the start it was assumed that the obligations provided in the directive would cover operators of critical infrastructure and providers of digital services. The original draft provided that the obligations under the directive would apply for example to “e-commerce platforms,” “social networks,” “application stores” and “cloud computing services.” During work on the directive this list was trimmed down. The latest draft (from 18 December 2015) includes only three categories of digital service providers: “online marketplaces,” “online search engines” and “cloud computing services.”
The category of entities designated as “online marketplaces” is particularly interesting from the viewpoint of crowdfunding platforms. This concept is defined as “a digital service that allows consumers and/or traders as defined respectively in Article 4(1)(a) and 4(1)(b) of Directive 2013/11/EU to conclude online sales and service contracts with traders either on the online marketplace’s website or on a trader’s website that uses computing services provided by the online marketplace.” Simply put, this concept refers to any services that enable contracts for sale of goods or services between businesses and consumers to be concluded online. Without a doubt, this condition could be fulfilled in the case of many crowdfunding platforms.
The directive was adopted by the Council of the European Union at the first reading in the middle of May 2016 and now must be approved by the European Parliament. The directive is expected to enter into force in August 2016. The member states would then have 21 months from the effective date to implement the directive into national law.