New Laws for a Safer Cyber Space: Following ransomware attacks in Germany that paralyzed hospitals—causing delays in emergency medical services—and the cyber attack on Ukraine’s power grid that left hundreds of thousands without electricity, the European Union has decided to strengthen its legislative system.
By adopting the new “Cybersecurity Package” in December 2024, the EU laid the foundation for significantly enhancing resilience against increasingly sophisticated cyber threats. The goal of these laws is to protect critical infrastructure, businesses, and private users through unified standards and stricter controls.
What Do the New Laws Introduce?
The package includes two key acts:
- The Directive on Measures for a High Common Level of Cybersecurity (NIS2), which requires member states to harmonize security standards and improve mutual cooperation.
- The Cyber Resilience Act, which ensures that digital products sold on the EU market are equipped with security features starting from the design phase.
New Challenges: Geopolitical Threats and Financial Security
Similar cyber incidents have occurred globally. For example, a ransomware attack on the global shipping giant Maersk halted operations, resulting in hundreds of millions of dollars in losses. Likewise, the 2021 cyberattack on Colonial Pipeline in the United States disrupted fuel supply, demonstrating the severity of such attacks.
Beyond cyber threats, global challenges such as geopolitical tensions increasingly affect citizens’ security. Recently, Dutch banks advised clients to consider holding cash at home due to growing geopolitical risks and potential disruptions in the banking system caused by cyber attacks.
What Does This Mean for Companies and Users?
New Laws for a Safer Cyber Space introduce stricter obligations. Sectors such as healthcare, transportation, energy, and finance will need to adopt robust protective measures. For instance, manufacturers of smart devices like thermostats and security cameras must ensure their products include mechanisms to guard against hacking attempts. For end users, this translates to a safer digital environment, reduced risk of data theft, and greater protection when using online services.
Regional Impact for Bosnia and Herzegovina and the Western Balkans
The EU’s cybersecurity package also opens opportunities for Bosnia and Herzegovina (BiH) and other Western Balkan countries to align their legislation with European standards. Recent cyber attacks on the Integrated Health Information System and the Tax Administration of Republika Srpska, which led to data leaks, highlight the urgent need for systemic reforms.
BiH, in particular, requires the adoption of a comprehensive cybersecurity strategy and alignment of data protection laws with the EU’s GDPR regulations. These reforms will outline how critical infrastructure operators should protect state-level systems. Implementing such measures can increase investor confidence and create a more stable business environment.
A Digital Future Under Protection
With the adoption of this legislative package, the EU sends a clear message: security in the digital space is as important as physical security. This framework promotes innovation and the development of new technologies while providing stronger protection against evolving threats.
An interesting example of cybersecurity practices comes from San Francisco’s Muni Metro. Once considered the safest urban rail system globally, it relied on outdated technology, using software loaded from three floppy disks daily—despite advancements in modern systems. This approach inadvertently safeguarded the system from cyber attacks. However, the city recently approved a $212 million plan to modernize this system, ensuring robust data security measures.
Conclusion
The digitalization of processes and cybersecurity are inseparable and require a strategic approach to thrive. The EU’s new legislation, paired with strict enforcement measures, provides a predictable foundation for the strategic development of cybersecurity at all levels. This will facilitate further digital transformation of work processes.
The Western Balkans must inevitably follow this path of legislative reforms, taking concrete steps to implement adopted strategies and laws. Doing so will build investor trust and create a solid foundation for economic growth driven by digital transformation.
For more information about legal services in information technology, visit: https://ia-lawfirm.com/en/information-technologies-media-and-telecommunications/
