Legislation

The regulatory framework is increasing yearly, not only in quantity but also in complexity, creating sophisticated approaches to protect personal data, network security and information systems and to achieve a high level of cybersecurity, cyber resilience and to promote trust.

In 2018, two new European legislation were implemented within the European Union: the General Data Protection Regulation (GDPR), which is applicable since 25 May 2018; and the Directive on the Security of Network and Information Systems (NIS Directive), which entered into force in August 2016, requiring Member States to transpose the Directive into their national laws by 9 May 2018 and, further identify operators of essential services by November 2018. As a result of these new legislations, it has become a necessity for the market to have a clear understanding and awareness of the expected changes, mechanisms, or tools in order to implement these requirements, and best practices as a result of  the priorities of these new laws.

Meanwhile, the near future may expect the revision of another important legislation. The European Commission has proposed a text for a new ePrivacy Regulation (which will update the previous ePrivacy Regulation of 2009), and the European Data Protection Supervisor (Mr. Giovanni Buttarelli) published an article asking for the urgent revision of the confidentiality of electronic communications through the ePrivacy Regulation.

In 2017, the Cybersecurity Act was proposed as part of a set of measures to address cyber attacks and to build cyber resilience. The Cybersecurity Act aims to reinforce the role of ENISA as a center of expertise and advice for cybersecurity, as well as introduce an EU cybersecurity framework.  On March 12, 2019, the EU Parliament approved the proposal for the Cybersecurity Act.

Certainly, such active evolvement of the law can help regulate the CS&P market more adequately than before, and it is clear that in the near future further transformations of the legal system will take place (such as case law or amendments to ensure consistency and less legal uncertainty). These developments will make the current and future work of cyberwatching.eu very important, as it can play a role in helping the legislation be communicated in a straightforward manner in the different fields that it applies to, thereby actively contributing to the CS&P Roadmap.