Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys to Assist Organisations with EU Cookie Directive Compliance

QualysGuard Web Application Scanning (WAS) Enables Organisations to
Identify Cookies That Require a User’s Consent

London, UK, June 25, 2012 – Qualys®, Inc., a pioneer and leading provider of cloud security and compliance solutions, today announced that its QualysGuard Web Application Scanning (WAS) service will identify web application cookies to enable organisations to comply with the European Union (EU) Cookie Directive that has been enforced in the United Kingdom (UK) beginning on May 26th, 2012.

On May 26th 2011, the UK adopted regulations to implement the 2009 EU E-Privacy Directive, which requires web sites to gain consent from visitors before they can store cookies or other information used to track a user’s actions. Web site cookies are used to identify users while they are visiting a site, and have in recent years been increasingly used to track users activities as they move between sites on the Internet. It is the ability to track users across many sites that raised privacy concerns since most users are not even aware the tracking is taking place. The UK Cookie Directive is privacy legislation that requires web sites to gain consent from visitors before they can store cookies or other information used to track a user’s actions – fundamentally changing how web application owners interact with users.

One of the challenges with the new regulations for many organisations is identifying if a particular site or web application is using cookies that require the user’s consent. Just as customers may not be aware that companies are tracking their activity, many companies that employ these techniques by utilizing 3rd party services may not even be aware that their activities may be in violation of the Cookie Law. With QualysGuard WAS, organizations can identify the cookies that their web applications are using, including those issued by 3rd parties. With this information, organisations can evaluate whether the cookies are subject to the law and then update the web application to ensure it meets the EU legislation.

While the EU cookie legislation went into effect last year, the UK’s Information Commissioner’s Office (ICO) set May 26th of 2012 as the enforcement date. The ICO is the body responsible for enforcing the UK regulation, with authority to levy fines on web site owners up to £500,000. The ICO is also preparing a web site and tool that will allow users to check and report websites that do not comply with the regulations.

“As this new law impacts any web sites with European visitors, we are pleased to provide our customers with an easy-to-use solution to quickly assess their web sites and provide an accurate list of the ones that store cookies so they can review and update to meet this new law,” said Philippe Courtot, chairman and CEO of Qualys.

Pricing and Availability

This solution is available immediately as part of QualysGuard WAS 2.3, which is sold as annual subscriptions based on the number of web applications, and includes 24x7 support and full updates.

For more information about QualysGuard WAS and how to use this new solution to identify cookies, please visit the Qualys Community at:

About QualysGuard WAS

QualysGuard Web Application Scanning, or QualysGuard WAS, uses the scalability of the QualysGuard Cloud Platform to allow customers to discover, catalog and scan a large number of web applications. QualysGuard WAS scans and analyses custom web applications and identifies vulnerabilities that threaten underlying databases or bypass access controls. These web applications are often the main attack vectors for cyber attackers.

About QualysGuard Cloud Platform

The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions provide organisations of all sizes with a global view of their security and compliance posture, while drastically reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enable customers to identify their IT assets, collect and analyze large amounts of IT security data, discover and prioritise vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.

About Qualys

Qualys, Inc., is a pioneer and leading provider of cloud security and compliance solutions with over 5,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of applications helps businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey