New Publication: Refining the Mandatory Cybersecurity Incident Reporting Under the NIS Directive 2.0: Event Types and Reporting Processes

Our second contribution to the Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media outlines the new incident reporting obligations under the NIS 2 Directive as foreseen in the original Commission Proposal for a NIS 2 Directive and further discussed during the trilogue negotiations. The NIS Directive (NISD) and sector-specific cybersecurity regulations … Continued

New Publication: The Transnational Dimension of Cybersecurity: The NIS Directive and Its Jurisdictional Challenges

Paula Contreras’ paper “The transnational dimension of cybersecurity: the NIS Directive and its jurisdictional challenges” analyses and compares the jurisdictional rules applicable to cross-border actors under the NIS Directive and the NIS 2 Proposal. It also comparatively examines the jurisdictional rules of two further EU regulatory instruments applicable to digital services—the GDPR and the DSA … Continued

New Publication: EDPB Adopts updated Guidelines on Personal Data Breach Notification under GDPR: The End of the One-Stop-Shop Reporting Mechanism for Non-EU Establishments

The NIS Directive introduced the reporting of security incidents for operators of essential services and some digital service providers. Likewise, the General Data Protection Regulation introduced the requirement for a personal data breach to be notified to the competent national supervisory authority and, in certain cases, to communicate the breach to the individuals whose personal … Continued

New Publication: Towards an Efficient and Coherent Regulatory Framework on Cybersecurity in the EU: The Proposals for a NIS 2.0 Directive and a Cyber Resilience Act

Cybersecurity regulation in the EU has long been implemented in a piece-meal fashion resulting in a fragmented regulatory landscape. Recent developments triggered the EU to review its approach which has not resulted in the envisaged high level of cyber resilience across the Union. Our paper addresses the EU’s limited mandate to regulate cybersecurity and outlines … Continued

New Publications Forthcoming

With the end of EnCaViBS approaching, we are happy to announce that some of our interim research results will soon be published. All publications will be open access and include the following: Paula Contreras, ‘The Transnational Dimension of Cybersecurity – The NIS Directive and its Jurisdictional Challenges’ in: C. Onwubiko, P. Rosati, A. Rege, A. … Continued

PG Chiara – The Cyber Resilience Act: the EU Commission’s Proposal for a Horizontal Regulation on Cybersecurity for Products with Digital Elements

Pier Giorgio Chiara, who has in the past contributed to this blog on several occassions, has published a research article on the CRA Proposal in the International Cybersecurity Law Review ([2022] 225 – 272). His article outlines the content of the CRA Proposal and also addresses the interplay with the forthcoming NIS 2.0 Directive. Abstract: … Continued