The security provisions that companies are subject to in the EU vary depending on the type of company and sector. Companies will also be able to decide whether to get cybersecurity certification, already under discussion for areas like the cloud and internet of things (IoT), in the future.
At the same time, there are substantial changes in security provisions under way as EU member states work on transposing the European Electronic Communications Code (EECC) and debate the proposed e-Privacy Regulation in Council.
Focusing on electronic communications networks & services, as well as digital service providers, this infographic shows who’s subject to what rules.
The infographic also shows EU and national developments in areas under consideration for cybersecurity certification schemes.
To download the infographic/cheat sheet please 'Request Access" below
or click on "Access the full content” if you are subscribed to our European Digital Economy or Telecoms services.
more news
12 March 26
National implementation of the EU Gigabit Infrastructure Act
The Gigabit Infrastructure Act (GIA) is a regulation and as such directly applicable in all member states without the need for transposition into national law. Despite being a regulation, the GIA often sets minimum requirements, on top of which member states can adopt additional measures to address country-specific circumstances. Our new benchmark shows the choices made by member states when implementing the GIA.
09 March 26
How are EU member states transposing NIS2?
Our latest benchmark tracks the progress of the Directive on measures for a high common level of cybersecurity across the EU (NIS2) transposition in the 27 EU member states.
05 March 26
CSRD: Austria and Malta finalise national transposition
Cullen International’s latest benchmark tracks the progress made by the 27 EU member states in transposing the Corporate Sustainability Reporting Directive (CSRD) and the related “stop-the-clock” directive.