Policy Briefs by TILT on EU Cybersecurity Regulations

The research group at Tilburg Law School (TILT), part of the INTERSECT project, has recently published two policy briefs discussing recent developments in EU regulations for cybersecurity. Below is a brief summary and a link to the complete policy brief.

  1. INTERSECT policy brief #3: The EUCC Certification Scheme

In early 2024, the European Commission adopted the European Common Criteria-based cybersecurity scheme, the first of its kind under the aegis of the Cybersecurity Act. This policy brief discusses the implementing regulation, along with  scheme and its salient features, including its material scope, relevant international standards, and the scheme seen in the context of the Netherlands. It also discusses briefly the scheme as a step further in further substantiating European cybersecurity regulation.

Author: Pratham Ajmera

Link: https://surfdrive.surf.nl/files/index.php/s/YyzS8KJi0ykIfrY 

  1. INTERSECT policy brief #4: Security measures in the GDPR & the NAP judgement (C-340/21):

This policy brief discusses the security requirements laid down in the GDPR and recent jurisprudence by the Court of Justice of the European Union (CJEU) on Article 32 GDPR, the Natsionalna agentsia za prihodite (NAP) judgement. In addition to the array of cybersecurity specific legal instruments that have recently been adopted, the GDPR’s security provisions also play an important role for strengthening cybersecurity. This policy brief takes a closer look the obligation to implement appropriate technical and organisational measures (TOMs) to ensure a level of security appropriate to the risk pursuant Article 32 GDPR as interpreted in the NAP judgement. Besides this, it discusses non-material damages following a personal data breach.

Author: Suzanne Nusselder

Link: https://surfdrive.surf.nl/files/index.php/s/31ZrsEPorQkuDbi 

Written by Savio Sciancalepore

0 Comments