Here are some of the most relevant regulations:
-
Directive on the security of network and information systems (NIS Directive): Adopted in 2016, this directive establishes minimum cybersecurity requirements for operators of essential services and digital service providers. It requires member states to develop national cybersecurity strategies and establish national agencies responsible for monitoring and managing cybersecurity incidents.
-
General Data Protection Regulation (GDPR): Adopted in 2016 and enforced in 2018, the GDPR regulates the protection of personal data in the European Union. In the context of cybersecurity, the GDPR imposes strict obligations on data security and the notification of security breaches to supervisory authorities and affected individuals.
-
Directive on the fight against cybercrime and cyberattacks (NIS 2 Directive): Adopted in 2021, this directive updates and complements the NIS Directive and introduces new requirements for cybersecurity. It promotes cooperation between member states in managing cyber incidents and imposes stricter security measures on operators of essential services and digital service providers.
-
Council of Europe Convention on Cybercrime (Budapest Convention): This convention, adopted in 2001 and signed by multiple European countries, sets standards for combating cybercrime, such as illegal access to computer systems, computer fraud, child pornography, and other technology-related offenses.
-
Directive on combating cybercrime (Cybercrime Directive): Adopted in 2013, this directive sets minimum rules on the definition and penalties for cybercrimes, such as illegal access to computer systems, interference with data, computer-related offenses against property, and offenses against the integrity of computer systems.
-
Data Retention Directive: This directive, adopted in 2006 and revised in 2009, requires providers of electronic communications services to retain certain traffic and location data to facilitate the investigation, detection, and prosecution of serious crimes.
These are just a few examples of important regulations in the field of cybersecurity and cybercrime in the European Union. It is important to note that specific legislation and effective implementation may vary in each EU member state, as the directives need to be transposed into the national legislation of each country.