In the era of persistent technological advancement, the European Union (EU) is actively setting gold standards by revising and introducing cybersecurity laws and regulations to address the risks brought by the continuously evolving digital landscape. These upcoming laws establish far-reaching standards for ensuring that organisations are properly protecting their digital infrastructure, sensitive data, as well as reducing the increasing threats posed by cybercriminals and other threat actors. Organisations in the scope of cybersecurity laws have to be familiar with the steps that go into approaching compliance, while also preserving stakeholder trust, safeguarding their key assets, and building a robust cybersecurity posture that empowers operating in today's interconnected and ever evolving digital world.
When it comes to cybersecurity, the EU is a key actor at the forefront of regulatory initiatives, continuously striving to enhance digital security through its laws and regulations. Legislation such as the EU AI Act, Cyber Resilience Act (CRA), Digital Services Act (DSA), and Digital Markets Act (DMA) will introduce new cybersecurity obligations, revamping the existing landscape. Meanwhile, EU directives like DORA and NIS 2 are already approved, prompting organisations to proactively prepare themselves.
DORA is a regulatory game-changer for digital finance security. Designed to bolster the financial institutions’ ability to manage ICT risks and dependencies, DORA aims to fortify individual organisations and the industry as a whole, making them more resilient in the face of ever-evolving threats.
Compliance with the regulation aims at enhancing digital finance's ability to manage risks and dependencies, and empowering organisations to develop robust policies and strategies to combat evolving threats. The obligations imposed by the DORA aim at strengthening resilience exercises, streamlining the supply chain risk management by establishing clear expectations for third-party ICT providers, while also encouraging the sharing of threat intelligence data among financial entities for a collaborative approach to cybersecurity.
NIS 2 brings about transformative changes in cyber and information security for organisations operating in important and essential sectors. NIS 2 expands its scope to include for example digital service providers and online platforms, ensuring a comprehensive approach to safeguarding digital ecosystems.
Additionally, NIS 2 imposes more stringent obligations for the different sectors in scope; Businesses and organisations will have to ensure that cyber risk management, control and monitoring, incident handling and reporting, business continuity, amongst other security measures have been implemented.
The European directive must be formatted into local legislation by October 2024. However, the Dutch Minister of Justice and Security has indicated that this deadline will not be met. As a result, the law will not come into force until early 2025. Nevertheless, we advise organisations to prepare themselves proactively. Are you prepared?
Has your organisation set the stage for ensuring compliance with the enhanced cybersecurity requirements?
The Critical Entities Resilience Directive (CER Directive) is a directive established by the European Union (EU) to address the growing disruptions in our polycrisis world. Its primary objective is to enhance the resilience of critical entities in the face of various threats and hazards. These include natural disasters, terrorist attacks, cyber attacks, and sabotage.
Read more about the CER Directive and discover get in touch with our experts why this directive matters, when the directive will be enforced and which steps need to be taken now.
As an organisation, you use digital technology to develop new products and services or to function in a different way. But is your organisation always aware of the increasing digital threat once new systems are implemented? How prepared are you for new or changed laws and regulations? And how do you ensure that your clients, suppliers and employees efficiently get access to new technology in an efficient way? PwC helps you design your strategy so that your digital security is not unnecessarily compromised.
Are you ready for the EU cybersecurity requirements for Radio Equipment and IoT devices? Download the whitepaper and learn how to prepare for RED.
The PwC multidisciplinary cybersecurity team is up-to-date with the latest laws and regulations. Our focus lies in assisting organisations in navigating the complex landscape of compliance; ensuring that they meet the stringent requirements set by legislators, such as the EU, supporting your cyber transformation needs every step of the way. From conducting risk assessments and gap analyses to developing and implementing robust cybersecurity policies and procedures, we guide you through every step of your compliance journey.