{"id":12156,"date":"2022-02-08T16:51:56","date_gmt":"2022-02-08T14:51:56","guid":{"rendered":"https:\/\/www.thegreenbow.com\/?post_type=resource&p=12156"},"modified":"2023-11-23T10:30:40","modified_gmt":"2023-11-23T08:30:40","slug":"what-can-we-expect-from-europe-in-terms-of-cyber-regulations","status":"publish","type":"resource","link":"https:\/\/www.thegreenbow.com\/en\/ressource\/blog-en\/what-can-we-expect-from-europe-in-terms-of-cyber-regulations\/","title":{"rendered":"What can we expect from Europe in terms of cyber regulations?"},"content":{"rendered":"\n
\n

Author : Arnaud Dufournet, Chief Marketing Officer<\/strong><\/strong><\/p>\n\n\n\n

As we start off this year in which France has taken over the presidency of the Council of the European Union, it is worth looking at the repercussions of the upcoming European regulations on cybersecurity. Especially in light of the fact that France has made it clear that \u201cstrengthening cybersecurity is a priority for its presidency\u201d. Over the next six months, the presidency will work to drive forward negotiations on the revision of the Network and Information System Security Directive<\/strong> (NIS Directive). Regulating the digital space is another main priority, as Thierry Breton has pinned his hopes on seeing both the Digital Service Act (DSA) and the Digital Market Act (DMA) pass.<\/p>\n\n\n\n

Faced with the stark reality of losing sovereignty mainly to the GAFAM, Europe appears to have decided to react and now shows a desire for \u201cstrategic autonomy\u201d. The first sign of this reaction is a recovery plan drawn up by Brussels last year, 20% of which is devoted to the digital transition and, more specifically, to investment in sovereign technologies. The other lever is regulation, with a desire to reduce the level of dependence on U.S. cloud services.<\/p>\n\n\n\n

NIS Directive: the foundations of a European cyber shield<\/strong><\/strong><\/strong> <\/h2>\n\n\n\n

Let us return more specifically to the area of cybersecurity and the NIS Directive, as the outlines of its second version have just been adopted by the Commission.<\/p>\n\n\n\n

EU Member States adopted Directive 2016\/1148 on the security of network and information systems on 6 July 2016. Drawing heavily on the Military Spending Bill (Loi de Programmation Militaire) introduced in France in 2013, it aims to make Europe more resilient by developing protective measures and collaboration in the face of cyber threats. To achieve this, it lays down minimum cybersecurity requirements for businesses and organizations that provide so-called essential services, i.e. services whose interruption would have a significant impact on the economy or society.<\/p>\n\n\n\n

\"Aeroport<\/figure>
\n

Referred to as Operators of Essential Services <\/strong>(OSEs), these entities belong to seven business sectors set out in the Directive: finance\/insurance, energy, transport\/logistics, health, drinking water, and digital infrastructure and services. For the latter, the Directive introduces the concept of Digital Service Providers (DSPs).<\/p>\n<\/div><\/div>\n\n\n\n

<\/p>\n\n\n\n

As a whole, the Directive imposes three types of obligations on OESs and DSPs:<\/p>\n\n\n\n