Technology firms and those running critical services will have to report cyber-breaches, under new rules proposed by MEPs, reports BBC.
The rules will also establish minimum standards of cybersecurity for banks, energy and water firms.
It is the first time Europe has created EU-wide rules on cybersecurity.
It comes in the wake of concerns that key infrastructure, such as airports or power stations, could be targeted by hackers.
The proposed laws – agreed by MEPs and ministers from the 28 EU countries – will also apply to some tech firms. The details of this have yet to be worked out but the rules are likely to include online marketplaces, such as eBay and Amazon, and search engines such as Google.
The Network and Information Security directive is an attempt to deal with the emerging threat of cyber-attacks.
Currently there is no common approach in Europe to digital network breaches, whether they are the result of human error, technical failures or malicious attacks.
The European Agency for Network and Information Security (Enisa) estimates that such breaches result in annual losses in the range of 260 billion to 340 billion euros.
Under the new rules, member states would have to co-operate more on cybersecurity, exchanging information about breaches, offering best practice and assisting member states in securing their infrastructures.