The rules will also establish minimum standards of cybersecurity for banks, energy and water firms.
This comes in the wake of concerns that key infrastructure, such as airports or power stations, could be targeted by hackers. The proposed laws - agreed by MEPs and ministers from the 28 EU countries - will also apply to some tech firms. The details of this have yet to be worked out but the rules are likely to include online marketplaces, such as eBay and Amazon, and search engines such as Google.
The Network and Information Security directive is an attempt to deal with the emerging threat of cyber-attacks. Currently there is no common approach in Europe to digital network breaches, whether they are the result of human error, technical failures or malicious attacks.
The European Agency for Network and Information Security (Enisa) estimates that such breaches result in annual losses in the range of EUR 260 billion to EUR 340 billion.
Under the new rules, member states would have to co-operate more on cybersecurity, exchanging information about breaches, offering best practice and assisting member states in securing their infrastructures.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now