The European Internal Market must be protected not only from conventional threats but from digital attacks as well. Accordingly, the NIS‑2 Directive protects critical infrastructure. A separate Regulation, the Cyber Resilience Act, will go into effect in the future for products with digital elements. The annual cost from global cybercrime alone is estimated by the European Commission at EUR 5.5 trillion.
Plans for an EU Cyber Solidarity Act
With the Cyber Solidarity strategy and plans for an EU Cyber Solidarity Act, the EU Commission is supplementing its existing plans with the idea of actively including private actors in the defensive shield against cyberattacks. More than 60,000 cybersecurity companies are established in the EU. These companies may be gradually incorporated into a cyber reserve, which can be deployed at the request of the member states in case of cross-border incidents, provided that it can be verified in advance that the companies in question are trustworthy. These “cyber reservists” would act alongside regional Security Operations Centers (SOCs), which are conceived as fixed organizations. Inclusion in the European Cyber Reserve can bring many advantages for companies. First of all, they would be able to serve as part of the European defensive shield against cyberattacks, helping to improve European cybersecurity in a public-private partnership and strengthen confidence in digital technologies. They would also benefit from the opportunity to take part in joint training sessions and exercises, as well as from better access to the latest information and technologies.
The idea for an EU Cyber Solidarity Act was first discussed in early March of this year. A legislative formulation is not yet in sight, but more concrete proposals are expected in the second half of 2023. It is already clear that these plans should fit seamlessly into the framework for the EU’s new data and cybersecurity law. The EU has already launched several new legislative projects in an effort to improve resilience in connection with cybersecurity. By arranging for government and private actors to work together, the EU hopes to intensify these efforts and ensure more effective protection for civilian and military infrastructure.
It is to be expected that companies will generally have to meet stricter requirements in the future when it comes to the security of their data and systems in order to comply with regulatory requirements and protect against cyberattacks. Accordingly, companies will have to contend with numerous new compliance rules and reporting duties in connection with cyberattacks. Companies should therefore lose no time in reviewing their IT infrastructure, their processes and their employees with a view towards potential risks and taking necessary action to improve cybersecurity.