RESEARCH AND COMPARISON OF EUROPEAN UNION REGULATORY DOCUMENTS IN CYBERSECURITY
Abstract
The article presents a detailed study and comparison of the main regulatory acts of the European Union in the field of cybersecurity: the NIS2 Directive, the General Data Protection Regulation (GDPR) and the Digital Operational Resilience Act (DORA), together with the PCI DSS standard, which is an industry standard of the payment card brands rather than EU legislation but is applied throughout the EU. These documents are considered fundamental elements of the EU's current policy on the protection of digital information, covering personal data, financial information and critical infrastructure. The paper outlines the key objectives of each act and analyses its scope of application, requirements for regulated entities, risk management mechanisms, incident reporting obligations, obligations regarding suppliers and third-party service providers, and sanction provisions. Particular attention is paid to comparing the acts in terms of their impact on business and IT infrastructure and to identifying the interrelationships between them. It is established that, although each document has its own focus (personal data protection, the resilience of financial infrastructure, the security of network and information systems, or the protection of payment card transactions), all of them are aimed at building a comprehensive cybersecurity ecosystem within the EU. The article also analyses international analogues of these acts, such as data protection laws in the United States (for example the CCPA) and Brazil (the LGPD) and the NIST and ISO standards, which demonstrates the global nature of the digital security problem and the search for common approaches to solving it. In conclusion, the paper emphasises the importance of a comprehensive and harmonised approach to cybersecurity as a key condition for the sustainable development of a digital society. Given current threats, in particular geopolitical conflicts and the growing scale of cybercrime, effective implementation of European standards is especially important for partner countries such as Ukraine, which needs to adapt these standards to strengthen its national cyber resilience.
References
Directive (EU) 2022/2555 of the European Parliament and of the Council (2022) On measures for a high common level of cybersecurity across the Union (NIS 2 Directive). Official Journal of the European Union. – URL: https://surl.li/xpktzi
Regulation (EU) 2016/679 of the European Parliament and of the Council (2016) On the protection of natural persons with regard to the processing of personal data (GDPR). Official Journal of the European Union. – URL: https://surl.lt/zdilhe
Regulation (EU) 2022/2554 of the European Parliament and of the Council (2022) On digital operational resilience for the financial sector (DORA). Official Journal of the European Union. – URL: https://surl.li/lvfsva
PCI DSS Certification (n.d.) Payment Card Industry Data Security Standard. PCI Security Standards Council. – URL: https://getpci.com/
Centers for Medicare & Medicaid Services (n.d.) HIPAA – Health Insurance Portability and Accountability Act. – URL: https://www.cms.gov/priorities/key-initiatives/burden-reduction/administrative-simplification/hipaa
U.S. Department of Education (n.d.) What is FERPA? – URL: https://surl.lu/oizpnq
Office of the Attorney General of California (n.d.) California Consumer Privacy Act (CCPA). – URL: https://oag.ca.gov/privacy/ccpa
Brazilian Government (n.d.) General Personal Data Protection Act (LGPD). – URL: https://lgpd-brazil.info/
Council of Europe (1981) Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data. – URL: https://ippi.org.ua/vid-redaktsiinoi-kolegii-konventsiya-%E2%84%96-108-radi-%D1%94vropi-%E2%80%9Cpro-zakhist-osib-u-zv%E2%80%99yazku-z-avtomatizovano
Federal Financial Institutions Examination Council (FFIEC) (n.d.) Cybersecurity Assessment Tool. – URL: https://www.ffiec.gov/resources/cat
Federal Trade Commission (n.d.) What is the NIST Cybersecurity Framework? – URL: https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/nist-framework
TechTarget (n.d.) North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) [definition]. – URL: https://www.techtarget.com/searchsecurity/definition/North-American-Electric-Reliability-Corporation-Critical-Infrastructure-Protection-NERC-CIP
UK Government (2018) The Network and Information Systems Regulations 2018 (NIS Regulations 2018). – URL: https://surl.li/zahavi
ISO/IEC (2022) ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection – Information security management systems – Requirements. – URL: https://www.iso.org/standard/27001
National Institute of Standards and Technology (2020) NIST Special Publication 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations. – URL: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
National Institute of Standards and Technology (2020) NIST Special Publication 800-171 Rev. 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. – URL: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf
Palo Alto Networks (n.d.) What is SOC 2 Compliance? – URL: https://www.paloaltonetworks.com/cyberpedia/soc-2
Copyright (c) 2025 Computer Science and Cybersecurity

This work is licensed under a Creative Commons Attribution 4.0 International License.
