On July 6, 2016, the European Parliament adopted the Network and Information Systems Directive (RSI Directive), which provides legal measures to improve the general level of cybersecurity in the EU, by guaranteeing:

• The preparation of the Member States, by requiring them to have appropriate devices in this regard; for example, a network of Computer Security Incident Response Teams (CSIRTs) and a National Network and Information Systems Competent Authority (RSI).
• Cooperation between all Member States through the creation of a cooperation group in order to support and facilitate strategic cooperation and exchange of information. They must also create a CSIRT Network, with the aim of promoting rapid and effective operational cooperation in the face of specific cybersecurity incidents and exchanging information on risks.
• A culture of safety in different sectors that are vital for our economy and society and, in addition, depend heavily on information and communication technologies (ICT), such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure. Companies in these sectors that are identified by the Member States as operators of essential services must take appropriate security measures and report serious incidents to the corresponding national authority. In addition, providers of key digital services (search engines, cloud computing services and online marketplaces) will have to comply with the security and notification requirements of the new Directive.

The key is to build on these two important measures and increase the levels of cooperation between different communities, thus creating an infrastructure that most effectively minimizes the possible consequences of a cyber attack. To achieve this, it is necessary to integrate sectors, vectors and interest groups; and, in order to achieve this with greater solvency, it must be recognized that the existing cooperation measures, however well-intentioned they may be, fall short. The "why" was made clear to us; The challenge, as we move forward in this debate, lies in determining which cooperation, between whom, is the one that should be institutionalized most effectively.
The above list reflects the wide range of potential targets of an attack, as well as highlighting the extent of its impact in terms of secondary victims. It also underscores the important issue of "who is accountable to". Cooperation cannot be considered something “okay”, but rather a necessary means of protecting victims, both deliberate and accidental, of a cyber attack. To point out the obvious: the number of people affected by the hacking of any of the entities listed above is staggering. Not only does it have an extraordinary economic cost, it also paralyzes the municipality, affects the hospital, endangers air travelers and has overwhelming consequences for the people who require public services. By itself, this justifies cooperation between the parties involved.
Mutual cooperation or security does not imply agreement on all issues nor does it indicate a perfect confluence of interests, values ​​and goals. However, it does reflect the recognition that certain threats, based on their possible consequences, justify the search for a common position even when the parties have conflicting interests. The two principles (self-defense and collective security) can be considered complementary. On the one hand, individual action is justified; on the other, it is recognized that certain cases require cooperation to facilitate protection.