Cybersecurity—European Union—Q&A guide

The following Information Law practice note provides comprehensive and up-to-date legal information covering:

  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in the European Union, published as part of the Lexology Getting the Deal Through series by Law Business Research (published: January 2021).

Authors: Taylor Wessing—Thomas Kahl; Detlef Klett; Dr. Paul Voigt

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

In the past, the European Union has placed great focus on enacting uniform regulations for sufficient cybersecurity. There are laws that deal directly with the topic of cybersecurity and laws that contain indirect regulations. The most important regulations include the following:

  1. ePrivacy Directive (last revised in 2009);

  2. NIS Directive (2016);

  3. Cybersecurity Act (2019);

  4. Cyberattack Regulation (2019); and

  5. Directive on attacks against information systems (2013).

The directives do not apply directly in all member states but require transformation into national law. All member states must comply with this transformation obligation. Regulations, on the other hand, apply directly in all member states without the need for transformation. Work is currently underway on an ePrivacy Regulation.

The NIS Directive was a major step for the European Union to improve cybersecurity across the board. In particular, cooperation between member states was strengthened through joint working groups. In addition, focus was placed on ensuring that companies in specific essential sectors implemented improved protection against cyberattacks.

The Cyber Security Act has strengthened the position of the European