Cyber Security Regulations Update 2025

EU has finished the legislatory work on new cyber security and digital regulations affecting products and entities, and the new requirements will start applying during 2025-2027. Non-conformity is in general de-incentivized via significant administrative fines.

Operators, integrators and supply chains for IT and OT systems are impacted by cyber security risk management measures in the slightly delayed EU national implementations of NIS2 directive. The NIS2 implementing regulation with a wider range of requirements impacts e.g. managed services providers, perhaps even integrators, and also SaaS providers even if they provision their services from outside EU.

Manufacturers of software and hardware products with data interfaces, including manufacturers of offerings that are sold with the -as-a-Service business model (such as SaaS), who intend to continue sales in EU, are disruptively impacted and they will need to redesign their offerings to some extent to conform with new applicable regulations for CE marking of products (Radio Equipment Directive 3(3)def, Machinery Regulation, Artificial Intelligence Act, Cyber Resilience Act) and regarding sharing of use data (Data Act).

Most companies have already embarked on their multi-year transformational journeys towards secure-by-design, but some companies are not even aware about the new requirements. Meanwhile EU is preparing to tackle internal market issues, created by increased regulatory complexity and geopolitics.

Duration 1 hour.

The host of the Cyber Security Regulations Update webinar series is Antti Tolvanen who has since 2019 been closely following up the changes in cyber security regulatory landscape in EU. In addition to working as Sales Director at Etteplan’s Software and Embedded Solutions business area, Antti is also helping Etteplan’s customers in identifying and initiating necessary investments to meet new regulatory cyber security requirements and create competitive advantage.