Cybersecurity in the EU digitalisation acquis, Security, Fingerprint

Cybersecurity in the EU digitalisation acquis

In light of escalating geopolitical tensions and the attendant surge in State‐sponsored cyber-threats, the EU has adopted a number of new laws and regulations to strengthen its Member States’ capacity to react to cyber threats. On the one hand, the NIIS 2 Directive broadened the scope of critical and essential entities (e.g. energy, transport, health, digital infrastructure) subject to mandatory risk-management and incident-reporting obligations by the Member States’ authorities in charge of cybersecurity issues. On the other hand, the Cybersecurity Act introduced an EU-wide cybersecurity certification framework for ICT products, services and processes, while the recent Cyber Resilience Act introduced security‑by‑design requirements for hardware and software sold in the EU internal market.

This research line aims first at mapping EU cybersecurity laws and regulations, outlining similarities and differences, and identifying recent trends in light of the increased geopolitical tensions affecting the EU. Secondly, the EUI-CDS team will analyse the EU digitalisation acquis, pointing out any lack of cybersecurity considerations in terms of objectives, exceptions and the lack of institutional role of Member States’ cybersecurity agencies in the enforcement of these laws and regulations.

 

This project receives funding from the Market Donors of the Centre for a Digital Society.

Cookie setting

We use cookies to help personalise content and provide a better experience. By clicking Accept all, you agree to this, as outlined in our Cookie Policy. To change preferences or withdraw consent, please update your Cookie Preferences.