The EU’s new cybersecurity strategy – the subject of the Commission’s September 1997 Communication entitled “Resilience, Deterrence and Defense: Towards a Strong Cybersecurity for the EU” – aims to strengthen the resilienceof member states to cyber attacks and to create a single market for cybersecurity in terms of products, services and processes.
Based on this goal, the European legislature has recently issued a number of relevant regulatory acts, including second-generation ones, aimed at addressing prevention, transparency and resilience profiles in relation to potential cybersecurity incidents.
The Italian legislature has also been active in this area in order to:
- Transpose the requirements contained in the relevant EU directives
- Adapt the national legal system to the provisions of EU regulations
- Strengthen the national security system in the area.
Main features of cybersecurity regulations
Cybersecurity has become by far the most relevant area of the cybersecurity field, as it addresses the threats that systems and data face when connected to the Internet. In fact, according to the International Telecommunication Union(ITU), the number of global Internet users – using Internet-connected computers, smartphones and IoT devices – has reached about 66 percent of the world’s population by 2023.
This is why cybersecurity has become increasingly important.
However, “closed systems” – that is, not connected to the Internet for security or specific functionality reasons – still represent a significant part of critical infrastructure and enterprise systems.The following is an overview of the main features of each of the major existing – or soon to be enacted – cybersecurity regulations. We will touch on additional profiles of the cybersecurity regulatory framework in future articles.
