On April 18, 2023, the European Commission published its proposal for an EU Cyber Solidarity Act (“CSA”). It aims to strengthen incident detection, situational awareness, and response capabilities, and to ensure that entities providing services critical for day-to-day life can access expert support to manage their cyber risk and respond to incidents. Specifically, the CSA aims to promote information sharing about cyber incidents and vulnerabilities, to help improve the cyber resilience of critical entities, and to create an EU-wide resource for incident management.
The CSA adds another layer to the increasingly crowded landscape of EU cybersecurity laws. The proposed law would interact with the revised Network and Information Security Directive (“NIS2”) and certifications issued under the Cybersecurity Act. Private companies in specific sectors will also have to consider potential overlap with the forthcoming Cyber Resilience Act and the financial services-focused Digital Operation Resilience Act.
Below, we set out three striking features of the CSA that are likely to be of particular relevance to private companies.Continue Reading Three Interesting Features of the Proposed EU Cyber Solidarity Act