The security provisions that companies are subject to in the EU vary depending on the type of company and sector. Companies will also be able to decide whether to get cybersecurity certification, already under discussion for areas like the cloud and internet of things (IoT), in the future.
At the same time, there are substantial changes in security provisions under way as EU member states work on transposing the European Electronic Communications Code (EECC) and debate the proposed e-Privacy Regulation in Council.
Focusing on electronic communications networks & services, as well as digital service providers, this infographic shows who’s subject to what rules.
The infographic also shows EU and national developments in areas under consideration for cybersecurity certification schemes.
To download the infographic/cheat sheet please 'Request Access" below
or click on "Access the full content” if you are subscribed to our European Digital Economy or Telecoms services.
more news
14 July 25
How are EU member states transposing NIS2?
Our benchmark tracks the transposition status of the directive on measures for a high common level of cybersecurity across the EU (NIS2) in the 27 member states. 14 countries adopted national legislation to transpose NIS2.
10 July 25
WhatsApp and other communication apps must allow legal interception in less than half of the EU countries
Our new pan-European benchmark examines national rules of lawful interception obligations for number-independent interpersonal communications service providers, such as WhatsApp.
09 July 25
Countries tighten IoT rules with new security, numbering and device measures
Our Quarterly Regulatory Update on IoT and M2M Services (Q2 2025) highlights how national regulators are shaping the future of IoT and M2M services in areas such as cross-border connectivity, device regulation, and security.