The most obvious effect is that it will mean additional costs for all businesses covered by the proposed directive in terms of creating new processes and acquiring new technology to comply. The directive means that, for the first time, companies will be under a legal obligation to ensure they have suitable IT security mechanisms in place, which is likely to boost IT spending across the EU. The real effect of the proposed directive begins to emerge in the light of the fact that it requires that all “market operators” to ensure that the networks and information systems under their control meet minimum security standards, to be laid down by the EU.