Cybersecurity

Cybersecurity

The importance of implementing cybersecurity measures has been highlighted in recent years by high profile security failures involving the internet, the technology, and the services which support and make use of it. Against this backdrop, cybersecurity is of growing significance both to businesses and individuals.

On 16 December 2020, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented an EU Cyber Security Strategy. This strategy covers the security of essential services in the EU (eg hospitals, energy grids and railways) but also the security of connected objects in homes, offices and factories. The strategy focuses on building collective capabilities to respond to major cyber attacks and working internationally to ensure international security and stability in cyberspace.

Key EU cybersecurity initiatives include the EU Cybersecurity Act, the Digital Operational Act (DORA), the NIS 2 Directive, the EU Critical Entities Resilience Directive (CER Directive), the EU Cyber Security Regulation, the EU Cyber Resilience Act and the EU Cyber Solidarity Act.

Practice Note: EU Cybersecurity initiatives tracker tracks the key steps of legislative initiatives on cybersecurity in the EU.

Practice

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest EU Law News

Commission launches consultation to revise the EU Cybersecurity Act and strengthen the EU cybersecurity framework

The European Commission launched a call for evidence to support the preparation of a legislative proposal to revise the EU Cybersecurity Act. The initiative aims to strengthen EU cyber resilience, update the mandate of the EU Agency for Cybersecurity (ENISA) and improve the effectiveness of the European Cybersecurity Certification Framework. The Commission noted that the cybersecurity landscape has become significantly more complex and threat‑intensive since the Act’s adoption in 2019, while subsequent EU legislation has expanded ENISA’s tasks beyond its original mandate, creating the need to streamline, simplify and supplement the existing framework to ensure coherence, reduce administrative burdens and improve implementation for businesses and users. The initiative focuses on measures to support a secure and resilient Information and Communication Technology supply chain and the EU cybersecurity industrial base, addresses shortcomings in the certification framework such as slow adoption, unclear roles, limited agility and insufficient clarity on covered risks, including non‑technical factors, and considers alignment with newer instruments such as the Cyber Resilience Act. The Commission outlined policy options ranging from non‑legislative measures to targeted or comprehensive regulatory revision, stating that EU‑level action is required to prevent internal market fragmentation and to secure long‑term economic and social benefits through greater harmonisation, stronger cybersecurity and resilience, more efficient incident response and enhanced protection of fundamental rights, including personal data. The call for evidence will run until 20 June 2025.

Commission imposes definitive anti-dumping duties on Chinese steel cylinder imports

The European Commission has imposed definitive anti-dumping duties ranging from 57.7% to 90.3% on high-pressure seamless steel cylinders for compressed or liquefied gas imported from China. The measures follow an investigation that identified unfair trade practices covering cylinders of all diameters and volume capacities. During the investigation period, from 1 July 2023 to 30 June 2024, the EU market totalled 6.4 million units, of which 4.5 million units were imported from China.

Commission announces entry into force of EU-Singapore Digital Trade Agreement

The European Commission has announced that the EU-Singapore Digital Trade Agreement (DTA) entered into force on 2 February 2026, representing the EU's first standalone bilateral digital trade agreement. The DTA establishes rules for cross-border digital transactions and includes commitments on online consumer protection, personal data and privacy protection, as well as safeguards against unsolicited commercial communications. It promotes paperless trade, recognises the validity of electronic signatures, contracts and invoices and prohibits the imposition of customs duties on electronic transmissions. The DTA also prohibits unjustified data localisation requirements and the forced transfer of software source code. The DTA builds on the 2019 EU-Singapore Free Trade Agreement, with negotiations on the agreement having commenced on 20 July 2023.

ACER publishes Rules of Procedure for cross-border REMIT investigations

The Agency for the Cooperation of Energy Regulators (ACER) has published Rules of Procedure setting out how it will investigate suspected cross-border breaches of the EU Regulation on Wholesale Energy Market Integrity and Transparency (REMIT). This followed legislative changes in 2024 that gave ACER a mandate to investigate cases affecting more than one Member State. The rules explain how ACER will examine suspected insider trading, market manipulation, failures to disclose inside information, data reporting breaches and obligations on persons professionally arranging or executing transactions. They set out ACER’s investigatory powers, including on-site inspections, requests for information and interviews, while confirming that enforcement remains the responsibility of national regulatory authorities. The Rules of Procedure describe the stages of investigations, the decision-making process and the rights and obligations of the parties concerned. They are intended to ensure legal certainty, due process, fairness and efficiency. ACER is expected to begin using these cross-border investigatory powers from the second half of 2026.