In recent times, the European Union has been reinforcing the regulatory framework on cybersecurity to deal with the growing threat posed by cyberattacks. To this end, it is providing the Member States with a common framework especially focused on cybersecurity aimed at guaranteeing the cyber-resilience of the processes that support different essential services for society.
The NIS Directive or Directive (EU) 2016/1148 was the first cybersecurity law of the European Union and provided a common framework to improve the resilience of the Union’s networks and information systems against cybersecurity risks. It has proven to be a useful Directive, but over the years it has also shown its limitations in the face of increasing cyber threats and the growing reliance on digital solutions.
That is why, at the end of last year, the European Commission presented the new EU cybersecurity strategy based on three main pillars:
- Resilience, technological sovereignty and leadership;
- Operational ability to prevent, deter and respond;
- Cooperation to promote a global, secure and open cyberspace.