In the coming years, the number of EU laws and regulations related to digitalization is likely to increase significantly. This is, of course, partly due to all the new technologies that have emerged, such as artificial intelligence, for which no laws had been created at all previously. A number of new laws are already planned for the next five years. But which laws are relevant if you work in cybersecurity? In this blog, we’ll outline four new European laws that are important if you’re involved in cybersecurity!
1. DORA: for the financial sector
DORA stands for the Digital Operational Resilience Act. This law primarily targets the financial sector. The European regulation is intended to strengthen the operational resilience of financial institutions. This sector is, of course, already quite strictly regulated, but new laws continue to be introduced, particularly from the EU. The law applies not only to the financial sector but also to third-party IT suppliers, especially when it comes to cloud computing that supports critical functions.
2. NIS2: One of the most important European laws on cybersecurity!
The NIS2 Directive is primarily focused on improving the digital and economic resilience of European member states. There are eighteen sectors that will be affected by the NIS2 Directive, and it primarily focuses on measures related to cybersecurity risk management and the reporting of incidents in this area. Companies sometimes tend not to report cybersecurity incidents because they fear it could damage their reputation. However, reporting incidents is actually a crucial source of data for preventing such incidents in the future!
3. EU Cloud Certification Scheme
The EU Cloud Certification Scheme (EUCS) is a framework for certifying the digital security of cloud service providers. The EUCS is part of the Cybersecurity Act (CSA) of 2019. The schemes used under this directive are not mandatory, but there is a strong likelihood that they will become mandatory in the future.
4. Cyber Resilience Act: One of the European laws on product cybersecurity
This EU regulation primarily focuses on hardware and software products. It therefore does not concern the digital resilience of organizations, but rather the products that organizations use. The Cyber Resilience Act sets requirements for the cybersecurity of digital products sold in the EU, such as software and IoT devices. These requirements are mandatory, so all products must comply with them, without exception. All products that are directly or indirectly connected to a network are subject to this regulation!