Regulations Related to Cybersecurity
This section presents a mapping of the current regulation landscape applicable for Cybersecurity in Smart Cities (in the European Union), organized on the following topics:
2. Complementary Cybersecurity
8. Practical guidelines for Smart Cities
The section is suited for:
all audiences
In 2022, the EU cybersecurity regulation landscape comprised mainly general cybersecurity provisions and secondarily industrial and emergent technologies specificities.
The regulatory acts or initiatives may be followed correlatedly depending on their targeted domain of practice in the technical spectrum (e.g., cybersecurity, artificial intelligence, digitalization, data protection) and be applied transversally, in a customized manner, depending on the domain of practice in the social spectrum (e.g., industrial sectors, smart environments). Additionally, regulations are complemented by good practices and guidelines developed to serve specific purposes (in this sense, ENISA has one of the most elaborate sets of guidelines for practical implementation of cybersecurity in different social areas, including Smart City).
Mapping of EU regulations on cybersecurity that impact Smart Cities
List of EU regulations on cybersecurity
1. Technical Cybersecurity
UN GGE on Developments in the field of information and telecommunications in the context of international security (general principles for technological security)
EU Cybersecurity Strategy for the Digital Decade (strategy for general cybersecurity)
Cybersecurity Act (certification scheme & mandate for ENISA)
Regulation for ECCC (technological sovereignty & financing & mandate for ECCC)
Proposal for Cybersecurity Regulation (operational cybersecurity & mandate for CERT-EU)
NIS Directive and proposal for NIS 2 Directive (directions for implementation of general cybersecurity measures)
Proposal for a Cyber Resilience Act (security of products with digital elements)
Commission Recommendation on building a Joint Cyber Unit (coordination of cyber operations)
Commission Recommendation on coordinated response to large-scale cybersecurity incidents and crisis
Proposal for a Directive on combating fraud and counterfeiting of non-cash means of payment
2. Complementary Cybersecurity
EU Security Union Strategy (strategy for extended, multi-domain security)
Regulation on restrictive measures against cyber-attacks (incrimination of large-scale cyber-attacks)
Directive for incrimination of attacks against information systems (incrimination of general cyber-attacks)
Proposal for a Regulation on cross-border preservation of e-evidence
Council conclusion on Data retention for the purpose of fighting cybercrime
Recovery and Resilience Facility (financing)
3. Artificial Intelligence
(contains aspects related to security)
Artificial Intelligence for Europe (which plays the role of an EU Strategy for AI)
European Parliament resolution on AI in education, culture and audiovisual sector
4. Disinformation
5. Digitalization
(contains aspects related to security)