Europe Leads the Cybersecurity Regulation Dance

divya
Thu, 03/02/2023 – 06:58

Europe has emerged as a hub for developing cyber policies, acting to improve software security, and quickly reporting severe breaches. The European Commission has introduced cutting-edge legislation and regulations in response to the effects the war in Ukraine had on businesses operating in the EU and the shifting of criminal activity away from US territory. These steps are intended to adjust European cybersecurity policy to the changing threat environment.

Analysts point out that the EU’s actions are “more expansive than recent policymaking in the United States,” despite the EU being frequently criticized for its bureaucratic procedures.

In the last quarter of 2022 alone, two significant initiatives materialized:

First update on the NIS Directive

The EU approved the first revision to the Network and Information Systems (NIS) Directive on November 28, 2022. The update is intended to significantly strengthen the incident response capacities of the EU and of the public and private sectors. The new regulation, known as NIS2, will establish standards for cybersecurity risk management practices and reporting requirements across all sectors it covers, including energy, transportation, health, and digital infrastructure. The updated regulation keeps a broad principle in place, but it adds new clauses to ensure proportionality, a higher level of risk management, and specific criticality standards that let national authorities choose whether other companies should be included. It includes a 24-hour deadline for such organizations to disclose major cyber incidents once they become aware of them. Governments must incorporate the directive’s requirements into national law within

This article has been indexed from Thales CPL Blog Feed
