The EU Proposes New Legislation to Protect Businesses Against Cyber Attacks

On 18th April 2023, the European Commission published a proposal for a new Cyber Solidarity Act, which aims to strengthen cyber security regulation by preventing and countering significant cyberattacks. The Act will be supported by funds of €1.1 billion, the majority of which will come from the EU budget.

Why Has the Cyber Solidarity Act Been Proposed?

The Russian invasion of Ukraine has increased the threat of cyberattacks across the EU. In addition, cyberattacks have become more prevalent since the pandemic, as many businesses have started to adopt remote working patterns and criminals have tried to take advantage of vulnerabilities in systems and networks. This has prompted the EU Commission to come up with a plan to tackle threats and try to support businesses.

The new Cyber Solidarity Act will help to monitor and prevent cybersecurity threats and incidents, improve critical entities' preparedness, strengthen cooperation, and coordinate crisis management and response capabilities throughout the European Union member states. 

It will also aim to promote information sharing about data breaches, attacks, and vulnerabilities, improve cyber resilience amongst organisations, and establish wide incident management resources in the European Union.

What Will Be Included in the Act?

The Act will establish a European Cyber Security Shield across the EU, which will include a pan-European infrastructure of Security Operation Centers (SOCs) to develop and improve coordinated detection and situational awareness capabilities. 

The Cyber Security Shield will use a variety of technologies, for instance AI, to monitor and identify cyber threats and notify authorities of impending attacks, allowing member states to receive timely warnings about cyberattacks.

The EU Cyber Solidarity Act also includes a Cybersecurity Emergency Mechanism to help member states prepare for and respond to large-scale cybersecurity breaches. The Cyber Emergency Mechanism will improve preparedness by testing entities in high-risk industries like healthcare, transportation, and energy for potential vulnerabilities and also offer financial assistance to member states that need it.

The last component of the EU Cyber Solidarity Act is the Cybersecurity Incident Review Mechanism, which will investigate and evaluate major or large-scale incidents to inform future developments in the EU's approach to cyber defence.

What Will the Act Aim to Achieve?

The key objective of the Act, according to the EU, is to “build, strengthen and interconnect cyber threat intelligence (CTI) capabilities across the European Union”. As such, the Act will help to protect critical entities and essential services like hospitals and public utilities.

In addition, the Commission proposes a collaboration between the public and private sectors to respond to cyberattacks. This collaboration will be called the “Cybersecurity Skills Academy” and will be set up to raise awareness of cybersecurity skills initiatives and help increase the number of skilled professionals in the EU, addressing the cybersecurity skills gap across the Member States. The Academy will make cybersecurity information more accessible through an online platform. It will also provide funding and training for qualified candidates.

What Does the EU Cyber Solidarity Act Mean for Businesses?

The Cyber Solidarity Act is designed to create a safe and secure digital environment for citizens and businesses across the EU. Cyberattacks are a growing issue and are becoming more common and more sophisticated. This Act will help to support businesses and will offer clear guidance on how to prevent and prepare for a potential cyberattack. The aim is to make businesses more resilient against cyberattacks, which will protect individuals’ sensitive information and create a sense of security and confidence in the public.

How Can Gerrish Legal Help?

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property. 

We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements.

We are here to help you. Get in contact with us today for more information.
