The EU cybersecurity framework has expanded significantly since the first Directive on measures for a high common level of cybersecurity across the EU (NIS) was adopted in 2016.
While the initiatives are intended to complement each other, certain sectors may need to navigate several of them. For example, the security of telecoms networks and services is regulated under the NIS2 Directive. However, telecoms operators should also consider specific requirements for 5G following the implementation of the 5G risk management toolbox.
Cullen International published a cheat sheet outlining how the various EU cybersecurity initiatives adopted thus far work together to strengthen the security and resilience of critical sectors at EU level.
Clients of our European Digital Economy service, can also access it directly on our client portal via the following link:
more news
06 February 26
The DNA explained: deadlines set for copper switch-off, but with exceptions
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers copper switch-off.
06 February 26
The DNA explained: no major overhaul of SMP access rules
Cullen International is issuing a series of analyses on different aspects of the Digital Networks Act (DNA) proposal. This report covers SMP access rules.
05 February 26
Revised Cybersecurity Act (CSA2) - mechanism to restrict high-risk ICT suppliers in critical sectors
Cullen International published an analysis of the proposed provisions to restrict high-risk suppliers (HRS) under the revised Cybersecurity Act (CSA2) delivered by the European Commission on 20 January 2026.