Cybersecurity regulation in the EU has long been implemented in a piecemeal fashion, resulting in a fragmented regulatory landscape. Recent developments prompted the EU to review its approach, which has not resulted in the envisaged high level of cyber resilience across the Union. Our paper addresses the EU’s limited mandate to regulate cybersecurity and outlines how the internal market rationale serves as a basis to harmonise cybersecurity legislation in the EU Member States. In that regard, the recent Proposal for a NIS 2.0 Directive (at the time of the publisher’s closing date the Proposal had only been adopted by the European Parliament) and the Proposal for a Cyber Resilience Act highlight how the EU seeks to align legislation and reduce complexity between different, often sectoral regulatory approaches to cybersecurity, while at the same time extending regulation with a view to achieving a high level of cybersecurity across the EU. As regards the latter, the paper also outlines how the Cyber Resilience Act will complement the NIS 2.0 Directive in order to close existing regulatory gaps.
The full paper can be accessed freely online in Volume 1, Issue no 1 of Applied Cybersecurity & Internet Governance, an open access peer-reviewed scholarly journal published by the National Research Institute NASK, Poland. The recently founded journal provides a platform for debate on crucial and strategic cyber challenges and aims to create an open space to publish cybersecurity research from various regional, sectoral, and thematic perspectives. The first issue also features a highly recommended publication by Vagelis Papakonstantinou (The Cybersecurity Obligations of States Perceived as Platforms: Are Current European National Cybersecurity Strategies Enough?).