Regulations Related to Cybersecurity

In 2022, the EU cybersecurity regulation landscape comprised mainly general cybersecurity provisions and secondarily industrial and emergent technologies specificities.

The regulatory acts or initiatives may be followed correlatedly depending on their targeted domain of practice in the technical spectrum (e.g., cybersecurity, artificial intelligence, digitalization, data protection) and be applied transversally, in a customized manner, depending on the domain of practice in the social spectrum (e.g., industrial sectors, smart environments). Additionally, regulations are complemented by good practices and guidelines developed to serve specific purposes (in this sense, ENISA has one of the most elaborate sets of guidelines for practical implementation of cybersecurity in different social areas, including Smart City).

Open

List of EU regulations on cybersecurity

1. Technical Cybersecurity

• UN GGE on Developments in the field of information and telecommunications in the context of international security (general principles for technological security)

• EU Cybersecurity Strategy for the Digital Decade (strategy for general cybersecurity)

• Cybersecurity Act (certification scheme & mandate for ENISA)

• Regulation for ECCC (technological sovereignty & financing & mandate for ECCC)

• Proposal for Cybersecurity Regulation (operational cybersecurity & mandate for CERT-EU)

• NIS Directive and proposal for NIS 2 Directive (directions for implementation of general cybersecurity measures)

• Proposal for a Cyber Resilience Act (security of products with digital elements)

• Commission Recommendation on building a Joint Cyber Unit (coordination of cyber operations)

• Commission Recommendation on coordinated response to large-scale cybersecurity incidents and crisis

• Conclusions of the General Affairs Council on complementary efforts to enhance resilience and counter hybrid threats

• Proposal for a Directive on combating fraud and counterfeiting of non-cash means of payment

• Council Resolution on Encryption

 2. Complementary Cybersecurity

• Charter of Fundamental Rights of the European Union

• EU Security Union Strategy (strategy for extended, multi-domain security)

• Regulation on restrictive measures against cyber-attacks (incrimination of large-scale cyber-attacks)

• Directive for incrimination of attacks against information systems (incrimination of general cyber-attacks)

• Proposal for a Regulation on cross-border preservation of e-evidence

• Council conclusion on Data retention for the purpose of fighting cybercrime

• Recovery and Resilience Facility (financing)

• Combating child abuse online

3. Artificial Intelligence

(contains aspects related to security)

• Artificial Intelligence for Europe (which plays the role of an EU Strategy for AI)

• White paper on Artificial Intelligence

• Proposal for an Artificial Intelligence Act

• Coordinated Plan on AI

• Ethics guidelines for trustworthy AI

• European Parliament resolution on AI in education, culture and audiovisual sector

4. Disinformation

• EU Action Plan against disinformation

• EU Code of Practice on disinformation

• EU Democracy Action Plan

5. Digitalization

(contains aspects related to security)

• The Digital Services Act package

• Digital Markets Act

• The European Digital Identity framework and the proposal for Regulation eIDAS

• Europe’s Digital Decade: digital targets for 2030

• Digital Education Action Plan 2021-2027

• DigComp2.2 - The Digital Competence Framework for Citizens

6. Data, and Data Protection

• A European Strategy for Data

• General Data Protection Act

• Data Governance Act

• Directive on open data and the re-use of public sector information

• Directive on protection of natural persons with regard to the processing of personal data by competent authorities

• Directive on protection of natural persons with regard to the processing of personal data by the Union

7. Critical infrastructures

• Proposal for a Directive on resilience of critical infrastructure

• 5G Cybersecurity

8. Practical guidelines for Smart Cities

• Council’s conclusions on the Cybersecurity of connected devices

• ENISA’s guide: Cyber Security for Smart City

• ENISA’s guide: IoT and Smart Infrastructures

• ENISA Good practices for IoT and Smart Infrastructures tool

• ENISA’s Cyber Security and Resilience of Intelligent Public Transport