Cybersecurity

Cybersecurity

The importance of implementing cybersecurity measures has been highlighted in recent years by high profile security failures involving the internet, the technology, and the services which support and make use of it. Against this backdrop, cybersecurity is of growing significance both to businesses and individuals.

On 16 December 2020, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented an EU Cyber Security Strategy. This strategy covers the security of essential services in the EU (eg hospitals, energy grids and railways) but also the security of connected objects in homes, offices and factories. The strategy focuses on building collective capabilities to respond to major cyber attacks and working internationally to ensure international security and stability in cyberspace.

Key EU cybersecurity initiatives include the EU Cybersecurity Act, the Digital Operational Act (DORA), the NIS 2 Directive, the EU Critical Entities Resilience Directive (CER Directive), the EU Cyber Security Regulation, the EU Cyber Resilience Act and the EU Cyber Solidarity Act.

Practice Note: EU Cybersecurity initiatives tracker tracks the key steps of legislative initiatives on cybersecurity in the EU.

Practice

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest EU Law News

European Commission releases December 2025 infringement package

The European Commission has published the December 2025 infringement package, which sets out the EU Member States the Commission is taking action against for failing to comply with their obligations under EU law. The December 2025 package includes letters of formal notice, reasoned opinions, and Court of Justice referrals issued to Belgium, Bulgaria, Czechia, Cyprus, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Austria and others across a range of policy areas, including environmental protection (water, waste, air quality, nature), public procurement, services, free movement, firearms, media freedom, child protection, energy and climate, taxation, customs, transport, financial services and competition.

Zalando loses its challenge against EU DSA VLOP designation

TMT analysis: On 3 September 2025, the General Court of the European Union delivered the first major judicial interpretation of Regulation (EU) 2022/2065, the EU Digital Services Act (EU DSA) in its dismissal of Zalando’s challenge against its designation as a ‘very large online platform’ (VLOP) under the EU DSA. Zalando’s argument had focussed on the fact that its e-commerce platform is a hybrid service, via which the Berlin-based fashion retailer sells its own products (not an activity regulated by the EU DSA), as well as allowing third-party partners to market products (an activity that is in-scope of the EU DSA). Zalando argued that this means that users who use the platform only to buy directly from Zalando, and not to engage with listings by third-party partners, should not be counted when assessing whether the platform meets the EU DSA’s user number threshold to qualify as a VLOP. This case has captured widespread attention, not only due to its impact on Zalando but also because the decision affects how all in-scope hybrid platform providers should count, and report on, their user numbers, and how likely such providers are to qualify as VLOPs. Written by Catherine O’Callaghan of Slaughter and May.

EU Law weekly highlights—11 December 2025

This week's edition of EU Law weekly highlights includes analyses on the impact of a Court of Justice ruling on operators of online marketplaces and their EU GDPR obligations, the Advocate General’s opinion on trade mark invalidity when marks are of such a nature as to deceive the public, the Court of Justice judgment on eligibility of utilitarian objects for copyright protection, the Digital Omnibus and key considerations for the life sciences sector, and questions from Member States on the planned delay for EU AI Act. In addition this week, the European Commission adopted a financial services market integration package, published the Environmental Simplification Omnibus, the European Grids Package and Energy Highways initiative, launched a public consultation on revising EU rules addressing unfair trading practices in business-to-business relationships within the agricultural and food supply chain, the Council of the EU and European Parliament reached provisional agreements to significantly narrow the scope of EU sustainability reporting and due diligence rules, as well to amend the EU Deforestation Regulation and the European Climate Law, the European Data Protection Board adopted recommendations clarifying the legal basis for requiring user account creation on e-commerce websites, the EIOPA launched consultations and published guidance as part of the Solvency II review and the Commission unveiled its Quality Jobs Roadmap, a strategic plan to ensure high-quality, future-proof employment across the EU.