Cybersecurity

EU Cybersecurity Certification Schemes Will Surprise U.S. Businesses

A previous article discussed how U.S. businesses are generally unaware of the European Union’s (EU) Network and Information Systems Directive (NIS Directive) and the cybersecurity and notification requirements it imposes on critical infrastructure companies and digital service providers powers. The second part of the EU’s march to take the global lead on cybersecurity is in the EU Cybersecurity Act (“Act”), which was adopted April 17, 2019 and became effective June 27, 2019, with some provisions effective June 28, 2021. U.S. companies are about to be surprised about how the Act could impact them and hinder their ability to compete in the EU market.

EU Cybersecurity Act

The EU Cybersecurity Act (“Act”) permanently established the European Network and Information Systems Agency (ENISA) and changed its name to the EU Agency for Cybersecurity, while giving it more substantially more authority and resources. Many of its provisions further support or advance provisions of the NIS Directive.