New cyber-security regulation will force key companies to adopt risk-management practices and report major security breaches to the authorities, according to the European Commission. The Network and Information Security Directive, though proposed in 2013, is in the final stages of approval in Brussels between the European parliament and council. The directive will affect companies in the energy, transport, banking and health sectors. Internet service providers could be included too, but the extent to which they will be affected remains unclear. The UK’s department for business estimated in 2014 that 80% of lar