The deal requires companies to make sure their infrastructure is secure.
The European Union (EU) lawmakers and internal market MEPs have signed an agreement on cyber-security rules.
The deal requires search engines like Google and online marketplaces such as eBay and Amazon to make sure their infrastructure is secure.
Transport, energy, banking, financial services, health and water firms will have to ensure that their digital infrastructure is resilient enough to withstand cyber-attacks. The companies should report serious security breaches to public authorities.
The deal exempts micro and small digital companies. The draft rules establish a cooperation group to exchange data and best practices, draw up guidelines and cooperate member states in cybersecurity capacity building.
Each member state should establish a network of computer security incidents response teams (CSIRTs) to handle security incidents and find coordinated responses.
European Parliament’s rapporteur Andreas Schwab said: "Today, a milestone has been achieved: we have agreed on first ever EU-wide cyber-security rules, which the Parliament has advocated for years.
"Parliament has pushed hard for a harmonised identification of critical operators in energy, transport, health or banking fields, which will have to fulfil security measures and notify significant cyber incidents.
"Member states will have to cooperate more on cybersecurity – which is even more important in light of the current security situation in Europe."