The Israeli Antitrust Authority (IAA) published for public comment a draft opinion on the joint effort and exchange of information by institutions, organizations and companies for the purpose of defending against cyber threats. The need for this type of opinion was amplified in light of the increase in cyber-attacks.
Initiating and allowing cooperation between competing companies is essential in order to handle and respond to cybersecurity risks. Discourse among competitors will allow companies to formulate better solutions for cybersecurity risks, prevent future attacks and reduce cyber-attacks.
Under the Israeli antitrust law (Restrictive Trade Practices Law, 5748-1988), exchange of information among competitors can inhibit competition and as such may constitute a restrictive trade practice.
The IAA’s draft opinion provides two criteria to evaluate the lawfulness of collaborating and sharing cyber information among competitors:
- Type of information shared. Exchanging parties may only share information with respect to cybersecurity risks and methodologies for preventing cyber incidents. They may not share commercial information as to their business activities (in particular, sensitive business information).
- Non-discriminatory sharing. The information shared with one company must be shared with other companies in the same sector or market, unless there a justifying reason exists for denying access to the information. Denying access to shared information absent justification could inhibit competition and as such can constitute an antitrust violation.