EU regulations for increasing resistance to cyberattacks
There are a number of EU regulations that focus on increasing resistance to cyberattacks. The InfoPower team can help you find your way through the forest of EU rules (directives and regulations) and implement only what you really need in your business.
InfoPower implementations
- Network and Information Security Directive (NIS): Adopted in 2018, this directive obliges EU member states to adopt and implement protection measures for operators of essential infrastructure and services (OES) in sectors such as energy, transport, health and finance. The implementation of ISO/IEC 27001:2022 creates an excellent basis for the full implementation of the NIS2 directive.
- General Data Protection Act (GDPR): Adopted in 2016, the GDPR stipulates strict requirements for the protection of personal data, including protection against cyberattacks.
- Radio Equipment Directive (RED): Adopted in 2014, RED prescribes requirements for the security of radio equipment, including protection against cyberattacks.
- Product Safety Directive: Adopted in 2001, this directive lays down general requirements for product security, including protection against cyberattacks.
- Digital Single Market Service (DSM): Adopted in 2016, the DSM sets the rules for digital services in the EU, including security requirements.
- Digital Services Act (DSA): Proposed in 2022, the DSA prescribes stricter requirements for large online platforms and online content mediation services (intermediaries), with a focus on protecting users from harmful content, including cyberattacks.
- Cyber Resilience Act (CRA): Proposed in 2022, the CRA aims to strengthen the EU's resilience to cyberattacks by establishing legal frameworks for risk and incident management, improving cooperation and information sharing, and strengthening capacity to detect and prosecute cybercriminals.
- Digital Operational Resiliency Act (DORA): A new EU regulation that entered into force in January 2023. The main objective of DORA is to improve the resilience of the EU financial sector to cyberattacks and other operational disruptions. It achieves this by establishing a robust framework for ICT (information and communication technology) risk management and ensuring that financial institutions have robust plans to protect their digital assets and continuously deliver their services.
In addition to these regulations, there are a number of other EU initiatives and strategies focused on increasing resistance to cyberattacks, such as the EU Cybersecurity Strategy from 2019 and the EU Digital Decade Plan from 2021.

