EU lawmakers and member states struck a deal on the bloc's first cyber-security law that will require Internet firms to report serious breaches or face sanctions.
The deal was reached in response to increasing worries about cyber attacks resulting in security and privacy breaches, said a Reuters report.
The European Commission's digital chief, Andrus Ansip, said the new law would build up consumers' trust in Internet services, especially cross-border services, reported Reuters.
"The Internet knows no border - a problem in one country can have a knock-on effect in the rest of Europe. This is why we need EU-wide cyber-security solutions. This agreement is an important step in this direction," he said.
The new law, known as the Network and Information Security Directive, sets out security and reporting obligations for companies in critical sectors such as transport, energy, health and finance. Web firms will be subject to less stringent obligations, than, say, airports or oil pipeline operators.
Under the measure, Internet companies such as Google, Amazon, eBay and Cisco - but not social networks like Facebook - will be required to report serious incidents to national authorities, which in turn will be able to impose sanctions on companies that fail to do so.