Cybersecurity

Cybersecurity

The importance of implementing cybersecurity measures has been highlighted in recent years by high profile security failures involving the internet, the technology, and the services which support and make use of it. Against this backdrop, cybersecurity is of growing significance both to businesses and individuals.

On 16 December 2020, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented an EU Cyber Security Strategy. This strategy covers the security of essential services in the EU (eg hospitals, energy grids and railways) but also the security of connected objects in homes, offices and factories. The strategy focuses on building collective capabilities to respond to major cyber attacks and working internationally to ensure international security and stability in cyberspace.

Key EU cybersecurity initiatives include the EU Cybersecurity Act, the Digital Operational Act (DORA), the NIS 2 Directive, the EU Critical Entities Resilience Directive (CER Directive), the EU Cyber Security Regulation, the EU Cyber Resilience Act and the EU Cyber Solidarity Act.

Practice Note: EU Cybersecurity initiatives tracker tracks the key steps of legislative initiatives on cybersecurity in the EU.

Practice

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest EU Law News

EBA report finds anti-money laundering and countering the financing of terrorism supervision of banks improving across EU/ EEA Member States

The European Banking Authority (EBA) has published its final report summarising the actions taken by all 40 competent authorities in response to its findings and recommendations on anti-money laundering and countering the financing of terrorism (AML/CFT) supervision in banks. The report finds that most authorities have made significant progress in adopting a risk-based approach, developing strategies, implementing targeted supervisory plans, and enhancing cooperation at both national and international levels. It highlights that many authorities have aligned their national practices with EBA standards, improving the consistency and effectiveness of AML/CFT supervision and using supervisory tools more strategically. However, some work remains to address outstanding recommendations.

Greek scientist wins damages award in key EU privacy case

MLex: A Greek scientist has won €50,000 in damages for mental distress and reputational harm after the European Anti-Fraud Office (OLAF) published a press release revealing her personal data and making it possible for any reader to identify her. The case has attracted attention on how it addresses a person that is identifiable under the EU data protection rules.

EU adopts regulation streamlining financial services reporting requirements

The European Parliament and Council have adopted Regulation (EU) 2025/… of 8 October 2025 amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, (EU) No 806/2014, (EU) 2021/523 and (EU) 2024/1620 regarding reporting requirements in financial services and investment support (otherwise known as the Better Data Sharing Regulation). The regulation introduces new information sharing obligations between EU financial authorities including the European Supervisory Authorities (ESAs), European Systemic Risk Board (ESRB), Single Resolution Board (SRB), European Central Bank (ECB) and the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), implementing a 'report once' principle whereby authorities must request information from other authorities rather than directly from financial institutions where possible. The regulation requires European Supervisory Authorities (ESAs) to prepare a feasibility study for a cross-sectoral integrated reporting system within 60 months, establish a permanent single contact point for reporting duplicative requirements, and grants authorities discretionary powers to share anonymised information with researchers for innovation purposes. The regulation also changes InvestEU Programme reporting frequency from biannual to annual and mandates authorities to review and propose removal of redundant reporting requirements within 24 months.

ESCB renews Statements of Commitment to updated FX Global Code

The European System of Central Banks (ESCB) has renewed its Statements of Commitment to the FX Global Code following the Code's update in December 2024. All ESCB members, including the European Central Bank, have reaffirmed their commitment to adhere to the Code's principles when acting as foreign exchange market participants. The Code, first published in 2017, sets out global principles of good practice in the foreign exchange market and is intended to promote integrity, effective functioning and high ethical standards. The ESCB has encouraged all foreign exchange market participants within its jurisdictions to review the updated Code and renew their own Statements of Commitment to support its objectives.