It's not just the power and transportation companies that are required to be extra careful, though. Any online marketplace like eBay or Amazon, search engine such as Google or cloud service like Dropbox or Google Drive that's accessible in an EU country will be under pressure to keep their infrastructures secure. They'll also be required to report major incidents to the Parliament.

In addition, the 28 member states themselves are expected to cooperate with one another and to set up an anti-hacking task force called Computer Security Incidents Response Team (CSIRT). Each country's CSIRT is in charge of fighting off domestic cyberattacks, though they can coordinate their actions in case of international, cross-border security breaches. That said, all these rules still need approval, so there might be some changes in the final draft.